SMTPS on netqmail

Hi,
I'd like to use netqmail as an SMTPS server. Now this is easy to set up
in a run script with an ssl wrapper (e.g. sslserver) but the problem I
have is that SMTP AUTH won't work. Netqmail will usually enforce
STARTTLS before AUTH. However, this does not make any sense for SMTPS
as the channel is already encrypted as soon as you connect. I imagine
this to be easily modified in a patch even though I haven't really
checked the source code for this particular thing, yet. As I imagine
that I am not the first one to require this functionality, I decided to
ask for if such a patch already exists. I'm happy to work with a second
binary but, of course, a binary where this STARTTLS/SMTP AUTH behaviour
is configurable would be very neat, too. Anyway, if anybody knows of an
existing patch for this, could you please point me to where to get it?

Cheers,
Christian

Re: Redirect all messages from one domain to another domain

Thanks a lot. This works ok. :)

Before, I tested this, but with another variables, and don't work (USER, 
LOCAL, RECIPIENT)

Thanks again.

Andrés

Kyle Wheeler escribió:
> On Tuesday, July 31 at 05:53 PM, quoth Charrua:
>> If I recive a message in the domain2.com, redirect the message to the 
>> exact name account in the domain1.com:
>
>> How to make this without make one .qmail file by email account?
>> How I use .qmail-defaul file to make a generic redirect?
>
> # cat .qmail-default
> | forward $EXT <at> domain1.com
>
> ~Kyle

Re: Redirect all messages from one domain to another domain

On Wednesday, August  1 at 11:02 AM, quoth Charrua:
>Thanks a lot. This works ok. :)

You're quite welcome.

>Before, I tested this, but with another variables, and don't work 
>(USER, LOCAL, RECIPIENT)

Indeed, because of how qmail's virtual domaining works. When qmail 
makes a domain virtual, it prepends addresses with a string. For 
example, if you had the following in your virtualdomains file:

    domain2.com:foo

That means that domain2.com addresses are controlled by the user "foo" 
and all user <at> domain2.com addresses are internally rewritten as 
foo-user <at> domain2.com. Thus, when they're delivered, $USER is "foo", 
$LOCAL is "foo-user" and RECIPIENT is "foo-user <at> domain2.com". 
Obviously, what you're needing is the extension to the address 
("user"), which is stored in $EXT.

Those environment variables are spelled out and fully described in the 
qmail-command man page.

~Kyle
--

-- 
The government is like a baby's alimentary canal, with a happy 
appetite at one end and no responsibility at the other.
                                                      -- Ronald Reagan

Re: SMTPS on netqmail

On Wednesday, August  1 at 07:42 PM, quoth Christian Lerrahn:
> I'd like to use netqmail as an SMTPS server. Now this is easy to set 
> up in a run script with an ssl wrapper (e.g. sslserver) but the 
> problem I have is that SMTP AUTH won't work. Netqmail will usually 
> enforce STARTTLS before AUTH.

Netqmail does *not* usually enforce STARTTLS before AUTH. To get it to 
do that, you must have applied a patch of some kind. What patch did 
you use? Chances are (if its a good patch) it probably allows you to 
set some environment variable to circumvent the requirement.

An example of a patch that gives you that kind of control is JMS's set 
of patches, here: http://qmail.jms1.net/tls-auth.shtml

~Kyle
--

-- 
This job of playing God is a little too big for me. Nevertheless, 
someone has to do it, so I'll try my best to fake it.
                                                         -- Larry Wall

Re: Redirect all messages from one domain to another domain

Re: SMTPS on netqmail

On Wed, 1 Aug 2007 10:32:22 -0500
Kyle Wheeler <kyle-qmail <at> memoryhole.net> wrote:

> On Wednesday, August  1 at 07:42 PM, quoth Christian Lerrahn:
> > I'd like to use netqmail as an SMTPS server. Now this is easy to
> > set up in a run script with an ssl wrapper (e.g. sslserver) but the 
> > problem I have is that SMTP AUTH won't work. Netqmail will usually 
> > enforce STARTTLS before AUTH.
> 
> Netqmail does *not* usually enforce STARTTLS before AUTH. To get it
> to do that, you must have applied a patch of some kind. What patch
> did you use? Chances are (if its a good patch) it probably allows you
> to set some environment variable to circumvent the requirement.
> 
> An example of a patch that gives you that kind of control is JMS's
> set of patches, here: http://qmail.jms1.net/tls-auth.shtml

You're right. I actually use the patch from http://shupp.org, too. The
patch actually has an smtps variable as you said, I'll try using that.
Thanks for the kind reply. I should have made sure that I have nothing
but the netqmail patch before. My mistake.

Cheers,
Christian

pop3 port is in filtered status

Dear all

i really need ur advice. Recently, users of my qmail server has been
complaining of slow downloading of emails via pop and also time out on the
mail server. My users are all local and the connection to and from the
server is fine.

Ive ran nmap to see if any of the ports are closed/filtered to the server.
I found out that the pop port 110 is filtered. When this happens the
connection to the email server timed out.

The server has been running perfectly for the past year. Is there any
reason that may have caused this situation and solution to it?

Thanks in advance

Re: pop3 port is in filtered status

On Thursday, August  2 at 11:20 PM, quoth Suhaime Raeze:
>Ive ran nmap to see if any of the ports are closed/filtered to the 
>server. I found out that the pop port 110 is filtered. When this 
>happens the connection to the email server timed out.

Nmap reports that a port is "filtered" that means that it is 
*completely* unresponsive.

Did you change anything recently? Upgrade anything? Install anything? 
Configure anything?

What do your pop3 logs say?

~Kyle
--

-- 
The government of the United States is not in any sense founded on the 
Christian Religion.
                                        -- US Treaty with Tripoly, 1797

ucspi-tcp / rblsmtpd query

Re: ucspi-tcp / rblsmtpd query

Julian Grunnell <julian.grunnell <at> pipex.net> wrote:
> Hi - I know this is not strictly speaking a qmail query but can't see a
> qmail mailing list that deals specifically with rblsmtpd so I'll ask here on
> the off chance that someone knows whats going on. In a nutshell the rblsmtp
> daemon is querying IP's and the results are having the IP reversed and mail
> is getting blocked incorrectly. This is completely random and I've only been
> made aware of one example so far. A customer with several domains that sends
> via the IP 217.68.241.200.
>  
> snippet from /var/log/qmail/smtpd/current
>  
> 2007-08-03 12:59:00.321447500 tcpserver: pid 27334 from 217.68.241.200
[...]
> 2007-08-03 12:59:00.323081500 rblsmtpd: 217.68.241.200 pid 27334: 451
> http://www.spamhaus.org/query/bl?ip=200.241.68.217
[...]  
> Anyone seen this odd behaviour before?

Hmmm, no.  First question: do you have any patches applied to your
daemontools or ucspi-tcp installations, or are they pure-djb?

Charles
--

-- 
--------------------------------------------------------------------------
Charles Cazabon                               <qmail <at> discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting.  See http://pyropus.ca/ for details.
--------------------------------------------------------------------------