Matt Simpson | 4 Mar 16:01 2012

Re: How to: qmail-smtpd for roaming users.


On Mar 4, 2012, at 6:07 AM, FC Mario Patty wrote:

> Ok, I change the question. Should I make the second smtpd folder and run
> file, let's say /var/qmail/service/smtpd2/run and make another link to
> /service and then running another qmail-smtpd.rules/cdb files? 

Yes.  You'll need to change the port that it listens to.  In the script that you posted, it looks like the port is
assigned via environment variable ${PORT-25}, which must be set somewhere else because it's not in that
script.  You'll need to either change that line in the script or change the ${PORT-25} variable.  You
probably want to use port 587.

You need another tcprules cdb file that will allow connection from anywhere.

Then you need to look at the doc for whatever AUTH patch you have installed.  There are probably some
environment variables that need to be set to turn on authentication.

-- 
Matt Simpson
Tatertown, KY

FC Mario Patty | 6 Mar 07:23 2012

Re: How to: qmail-smtpd for roaming users.

FYI, here is what I do to make the second smtpd(2) service:

1. Stop qmail via
          # svc -d /service/qmail

2. Create the second smtpd directory with qmail-smtpd-conf
          # qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd2

3. Instead of using the tcp file in /var/qmail/service/smtpd2, I use qmail-smtpd2.rules under /var/qmail/control, so I make the second rules file via copy (of the first qmail-smtpd.rules) and edit its content
          :allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"

and then make some modification in /var/qmail/control/Makefile and add qmail-smtpd2.cdb into FILES (variable?).

4. Running make under /var/qmail/control directory to create qmail-smtpd2.cdb file.

         # cd /var/qmail/control/
         # make

5. I go to /var/qmail/service/smtpd2/ and modify the run file, especially the last 3 lines (not to include the ` character).
  
         # vi run
            .......
            -x/var/qmail/control/qmail-smtpd2.cdb \
            -- "${IP-0}" "${PORT-587}" \
           /var/qmail/bin/qmail-smtpd auth_smtp
            
6. Replace the port env file content (from 25 to 587).
          # echo 587 > /var/qmail/service/smtpd2/env/PORT

7. Make symlink of smtpd2 in /service
          # ln -s /var/qmail/service/smtpd2 /service

The last one, I run qmail with `svc -u /service/qmail`.

The result is I can send email to gmail or vice versa, or send email from our production mail server to this trial server and succeed. The problem comes when the sender is an Android smartphone email client: the server automatically throws the Android emails and gives them a high SPAM score. I guess the culprit is the HELO localhost conversation. I erased QMAILQUEUE from qmail-smtpd2.rules(cdb) but the result is just the same if I send email to our production qmail server (but it works with yahoo mail). What can I do with qmail to deal with Android smartphones? Thank you in advance.

Regards,
Mario



Erwin Hoffmann | 6 Mar 09:23 2012

Re: How to: qmail-smtpd for roaming users.

Hi Mario,

though I don't know what Auth patch you are using (you find mine at http://fehcom.de/qmail.html)

On Tue, 6 Mar 2012 13:23:18 +0700, FC Mario Patty <fcmario76 <at> gmail.com> wrote :

> 
> FYI, here is what I do to make the second smtpd(2) service:
> 
> 1. Stop qmail via
>           # svc -d /service/qmail
> 
> 2. Create the second smtpd directory with qmail-smtpd-conf
>           # qmail-smtpd-conf qmaild qmaill /var/qmail/service/smtpd2
> 
> 3. Instead of using the tcp file in /var/qmail/service/smtpd2, I use
> qmail-smtpd2.rules under /var/qmail/control, so I make the second rules
> file via copy (of the first qmail-smtpd.rules) and edit its content

Actually, you DON'T need a rules file (except for rare cases) if you use Submission.

> 
> :allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
>

No. No. Remove the RELAYCLIENT here. It is at best useless.

It is sufficient, if you include in your qmail-smtpd2 run script the following:

export SMTPAUTH=""
export AUTHREQUIRED=""
export QMAILQUEUE="/var/qmail/bin/simscan"

or put it into ./env

> and then make some modification in /var/qmail/control/Makefile and add
> qmail-smtpd2.cdb into FILES (variable?).
> 
> 4. Running make under /var/qmail/control directory to create
> qmail-smtpd2.cdb file.
> 
>          # cd /var/qmail/control/
>          # make
> 
> 5. I go to /var/qmail/service/smtpd2/ and modify the run file, especially
> the last 3 lines (not to include the ` character).
> 
>          # vi run
>             .......
>             -x/var/qmail/control/qmail-smtpd2.cdb \
>             -- "${IP-0}" "${PORT-587}" \
>            /var/qmail/bin/qmail-smtpd auth_smtp
>

What is 'auth_smtp' ?

Typically you need a PAM supporting your Auth feature and having access to the user database (I 
discussed this at http://www.fehcom.de/qmail/smptauth.html). If -- in your case -- auth_smtp is 
not a PAM (using RELAYCLIENT="") EVERYBODY can use your Submission server to relay. This is 
the worst possible solution.

> 6. Replace the port env file content (from 25 to 587).
>           # echo 587 > /var/qmail/service/smtpd2/env/PORT
>

Do you have the envdir setting in your run script? You tend to make settings too complicated.

> 7. Make symlink of smtpd2 in /service
>           # ln -s /var/qmail/service/smtpd2 /service
> 
> The last one, I run qmail with `svc -u /service/qmail`.
> 
> The result is I can send email to gmail or vice versa, or send email from
> our production mail server to this trial server and succeed. Problem comes
> when the sender is android smart phone email client, that the server
> automatically throw the android emails and give them high SPAM score. I
> guess the culprit is the HELO localhost conversation. I erased QMAILQUEUE
> out of qmail-smtpd2.rules(cdb) but the result is just the same if I sent
> email to our production qmail server (but it works with yahoo mail). What
> can I do with qmail to deal with android smart phone? Thank you in advance.
>

You need to provide us the header statements your Auth package is including. 
Many anti-spam SW (including Spamassassin) evaluate this information. If this is missing or wrong, 
you may end up in your situation. The HELO statement being analyzed by the remote side is 
probably that of your qmail host; not the Android ones. 

> Regards,
> Mario
> 
> 

-- 
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
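
The RELAYCLIENT point raised in the reply above can be checked mechanically. The following is an added example, not part of any message in this thread: it flags a catch-all tcprules entry, or an envdir file, that sets RELAYCLIENT for every connection. The function names, the sample file names and the `127.` rule are assumptions made for illustration.

```shell
# Added example (not from the thread): find settings that put RELAYCLIENT into
# qmail-smtpd's environment for every client; rcpthosts is then not consulted.

# audit_rules FILE: report catch-all allow rules in a tcprules source file
# (empty address part, e.g. ":allow,...") that assign RELAYCLIENT.
audit_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            sep = index($0, ":")               # format is address:instruction
            if (sep != 1) next                 # non-empty address: scoped rule
            inst = substr($0, 2)
            if (inst ~ /^allow/ && inst ~ /,RELAYCLIENT=/)
                printf "OPEN-RELAY %s:%d: %s\n", FILENAME, NR, $0
        }
    ' "$1"
}

# audit_envdir DIR: envdir sets a variable for every non-empty file in DIR
# (a zero-length file unsets it), so a non-empty RELAYCLIENT file is a finding.
audit_envdir() {
    if [ -s "$1/RELAYCLIENT" ]; then
        echo "OPEN-RELAY $1/RELAYCLIENT: set for all connections"
    fi
}

# write_samples DIR: constructed inputs. before.rules is the rule quoted in
# the thread; after.rules drops RELAYCLIENT and keeps authentication required.
write_samples() {
    mkdir -p "$1/env"
    cat > "$1/before.rules" <<'EOF'
# constructed sample: submission rules as posted
:allow,RELAYCLIENT="",SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
EOF
    cat > "$1/after.rules" <<'EOF'
# constructed sample: RELAYCLIENT only for the local host (assumed rule)
127.:allow,RELAYCLIENT=""
:allow,SMTPAUTH="",AUTHREQUIRED="",QMAILQUEUE="/var/qmail/bin/simscan"
EOF
    echo 587 > "$1/env/PORT"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_rules "$tmp/before.rules"
audit_rules "$tmp/after.rules"
audit_envdir "$tmp/env"
rm -rf "$tmp"
```

Only the posted rule is reported; the scoped `127.` rule and the env directory holding just PORT produce no output.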

Michael Leahy | 16 Mar 21:48 2012

Help with ucspi-ssl?

I know this is off-list, but does anyone know the address for the  
ucspi-ssl list?  Or if it is still functioning?

I tried to subscribe to the list on the developer's web site, but I  
have not gotten a response from the listserver, nor have I gotten a  
response to my inquiries from the developer himself.

I am trying to install ucspi-ssl on CentOS 6.2 as a prerequisite for  
Erwin Hoffmann's SPAMCONTROL and smtp authentication, but the  
self-tests after compilation fail.

Thanks,
--Michael

Erwin Hoffmann | 17 Mar 07:26 2012

Re: Help with ucspi-ssl?

Hi Michael,

well, WEB does not even answer my questions ...

On Fri, 16 Mar 2012 16:48:25 -0400, Michael Leahy <mleahy <at> adoptionassociates.net> wrote :

> I know this is off-list, but does anyone know the address for the  
> ucspi-ssl list?  Or if it is still functioning?
> 
> I tried to subscribe to the list on the developer's web site, but I  
> have not gotten a response from the listserver, nor have I gotten a  
> response to my inquiries from the developer himself.
> 
> I am trying to install ucspi-ssl on CentOS 6.2 as a prerequisite for  
> Erwin Hoffmann's SPAMCONTROL and smtp authentication, but the  
> self-tests after compilation fail.

Since the last year(s) I maintain the code (more or less). Thus, if you need updates and support, 
contact me on my feh's address. 

regards.
--eh.

> 
> Thanks,
> --Michael
> 
> 
> 

-- 
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/

Toby Betts | 27 Mar 21:30 2012

Organizing lots of .qmail files

Hey all,

After many years of satisfied qmail usage and administration, I've come to the
realization that I've made entirely too many .qmail files for my own good. Any
time I sign up for a service or join a list, I'll make a new .qmail file and
happily go about my way. Over time my home directory has grown to now be about
85.9% .qmail files, which makes doing an "ls -la" interesting.

I'd like to simplify this, so I've looked into a few of the mechanisms available
like the dot-forward package and the qmail-users feature. I've looked into using
fastforward, since I've used it in the past on other systems, but it manages
associations for forwarding, not for deliveries. I could patch it, but I'd
rather avoid doing that if it turns out I'm simply overlooking a better way
to consolidate all my aliases and forwards.

Ideally I'd end up with a single ~/aliases.cdb file or a ~/.qmail/ directory,
however if I edit the homedir field of a /var/qmail/users/assign file, I suspect
the default behavior will be to look there for my Maildirs and break the
'./Maildir/' syntax I've used successfully thus far.

What experiences have folks had in organizing their own .qmail files? What would
the best solution look like for a case like this?

Toby

Charles Cazabon | 28 Mar 01:31 2012

Re: Organizing lots of .qmail files

Toby Betts <toby <at> su.bze.ro> wrote:
> 
> Over time my home directory has grown to now be about 85.9% .qmail files
[...]
> Ideally I'd end up with a single ~/aliases.cdb file or a ~/.qmail/
> directory, however if I edit the homedir field of a /var/qmail/users/assign
> file

You shouldn't need to use the "wrong" value for homedir - simply setting the
"dash" field to "/" instead of "-" should cause qmail to look for
~/.qmail/ext1/ext2 (giving you your nice organized hierarchy and getting the
files out of your homedir) instead of ~/.qmail-ext1-ext2, etc.  At least I
recall others mentioning that they do this.

Charles
-- 
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at:                  http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------

