Mikkel Kruse Johnsen | 1 May 08:39 2006
Picon

Re: Qmail-ldap accepts dash mails.

Hi Claudio

Yes that is the case, I have a local user called 'mkj' and have localdelivery on.

Should'nt it only accept mail if the mail address exists ?
I have not compiled with DASH_EXT, isn't it what that does. ?
How do I turn this behavior off ?

How do other people prevent reverse open relay. In my case that means that a spammer could send a email to any local user and add '-something' to the address and then fake the 'mail from:' field to the person he wants to spam. They will get a bounce message with the message in it.

/Mikkel

On Sun, 2006-04-30 at 16:11 +0159, Claudio Jeker wrote:
On Fri, Apr 28, 2006 at 02:33:36PM +0200, Mikkel Kruse Johnsen wrote: > Hi Claudio > > Just had to switch to a test server, therefore the delay. > > Here it is. First a normal mail send to my account 'mkj' at domain > 'norrehus.dk' > > --- > 2006-04-28 14:28:45.855822500 tcpserver: status: 1/40 > 2006-04-28 14:28:45.856021500 tcpserver: pid 11549 from 81.19.227.226 > 2006-04-28 14:28:45.856109500 tcpserver: ok 11549 > 0:80.165.0.78:25 :81.19.227.226::56134 > 2006-04-28 14:28:45.867537500 qmail-smtpd 11549: connection from > 81.19.227.226 (unknown) to 0 > 2006-04-28 14:28:45.867568500 qmail-smtpd 11549: enabled options: > sanitycheck returnmxcheck rcptcheck smtp-auth rejectexecutables > 2006-04-28 14:28:45.876788500 qmail-smtpd 11549: remote ehlo: linet.dk > 2006-04-28 14:28:45.887383500 qmail-smtpd 11549: mail from: > root <at> linet.dk > 2006-04-28 14:28:45.887385500 qmail-smtpd 11549: SPF not checked > 2006-04-28 14:28:45.906106500 qmail-smtpd 11549: rcpt to: > mkj <at> norrehus.dk > 2006-04-28 14:28:45.906148500 qmail-smtpd 11549: recipient verify, > recipient not in goodmailaddr > 2006-04-28 14:28:45.906150500 qmail-smtpd 11549: recipient verify, > recipient is local > 2006-04-28 14:28:45.908379500 init_ldap: control/ldapserver: > 'ldap.orholm.dk' > 2006-04-28 14:28:45.908404500 init_ldap: control/ldapbasedn: > dc=orholm,dc=dk > 2006-04-28 14:28:45.908419500 init_ldap: control/ldapobjectclass: > qmailuser > 2006-04-28 14:28:45.908421500 init_ldap: control/ldaptimeout: 30 > 2006-04-28 14:28:45.908437500 init_ldap: control/ldaprebind: 0 > 2006-04-28 14:28:45.908474500 init_ldap: control/ldapdefaultdotmode: > dotonly > 2006-04-28 14:28:45.908490500 init_ldap: control/defaultquotasize: 0 > 2006-04-28 14:28:45.908492500 init_ldap: control/defaultquotacount: 0 > 2006-04-28 14:28:45.908508500 init: control/ldaplocaldelivery: 1 > 2006-04-28 14:28:45.908525500 qmail-verfiy: verifying mkj <at> norrehus.dk > 2006-04-28 14:28:45.934692500 qldap_open: init successful > 2006-04-28 14:28:45.934724500 qldap_set_option: set referrals successful > 2006-04-28 14:28:45.936155500 qldap_bind: successful > 2006-04-28 14:28:45.936194500 ldapfilter: > '(&(objectClass=qmailuser)(|(mail=mkj <at> norrehus.dk)(mailAlternateAddress=mkj <at> norrehus.dk)))' > 2006-04-28 14:28:45.936790500 qldap_lookup: search for > (&(objectClass=qmailuser)(|(mail=mkj <at> norrehus.dk)(mailAlternateAddress=mkj <at> norrehus.dk))) succeeded > 2006-04-28 14:28:45.936822500 qldap_get_attr(accountStatus): no such > attribute > 2006-04-28 14:28:45.936839500 qmail-smtpd 11549: recipient verify OK > 2006-04-28 14:28:45.945606500 qmail-smtpd 11549: go ahead > 2006-04-28 14:28:45.955221500 qmail-smtpd 11549: DDC saved 23 percent > 2006-04-28 14:28:45.984379500 qmail-smtpd 11549: message queued: > 1146227325 qp 11551 size 211 bytes > 2006-04-28 14:28:46.011376500 qmail-smtpd 11549: quit, closing > connection > 2006-04-28 14:28:46.011630500 tcpserver: end 11549 status 0 > 2006-04-28 14:28:46.011633500 tcpserver: status: 0/40 > --- > > > Now send to 'mkj' dash something: > > --- > 2006-04-28 14:29:12.081165500 tcpserver: status: 1/40 > 2006-04-28 14:29:12.081362500 tcpserver: pid 11555 from 81.19.227.226 > 2006-04-28 14:29:12.081454500 tcpserver: ok 11555 > 0:80.165.0.78:25 :81.19.227.226::56141 > 2006-04-28 14:29:12.083662500 qmail-smtpd 11555: connection from > 81.19.227.226 (unknown) to 0 > 2006-04-28 14:29:12.083667500 qmail-smtpd 11555: enabled options: > sanitycheck returnmxcheck rcptcheck smtp-auth rejectexecutables > 2006-04-28 14:29:12.093757500 qmail-smtpd 11555: remote ehlo: linet.dk > 2006-04-28 14:29:12.104566500 qmail-smtpd 11555: mail from: > root <at> linet.dk > 2006-04-28 14:29:12.104569500 qmail-smtpd 11555: SPF not checked > 2006-04-28 14:29:12.114418500 qmail-smtpd 11555: rcpt to: > mkj-sddfdsfsdfsd <at> norrehus.dk > 2006-04-28 14:29:12.114485500 qmail-smtpd 11555: recipient verify, > recipient not in goodmailaddr > 2006-04-28 14:29:12.114488500 qmail-smtpd 11555: recipient verify, > recipient is local > 2006-04-28 14:29:12.116658500 init_ldap: control/ldapserver: > 'ldap.orholm.dk' > 2006-04-28 14:29:12.116685500 init_ldap: control/ldapbasedn: > dc=orholm,dc=dk > 2006-04-28 14:29:12.116701500 init_ldap: control/ldapobjectclass: > qmailuser > 2006-04-28 14:29:12.116704500 init_ldap: control/ldaptimeout: 30 > 2006-04-28 14:29:12.116705500 init_ldap: control/ldaprebind: 0 > 2006-04-28 14:29:12.116751500 init_ldap: control/ldapdefaultdotmode: > dotonly > 2006-04-28 14:29:12.116768500 init_ldap: control/defaultquotasize: 0 > 2006-04-28 14:29:12.116770500 init_ldap: control/defaultquotacount: 0 > 2006-04-28 14:29:12.116786500 init: control/ldaplocaldelivery: 1 > 2006-04-28 14:29:12.116803500 qmail-verfiy: verifying > mkj-sddfdsfsdfsd <at> norrehus.dk > 2006-04-28 14:29:12.117289500 qldap_open: init successful > 2006-04-28 14:29:12.117317500 qldap_set_option: set referrals successful > 2006-04-28 14:29:12.118064500 qldap_bind: successful > 2006-04-28 14:29:12.118095500 ldapfilter: > '(&(objectClass=qmailuser)(|(mail=mkj-sddfdsfsdfsd <at> norrehus.dk)(mailAlternateAddress=mkj-sddfdsfsdfsd <at> norrehus.dk)))' > 2006-04-28 14:29:12.118682500 qldap_lookup: search for > (&(objectClass=qmailuser)(|(mail=mkj-sddfdsfsdfsd <at> norrehus.dk)(mailAlternateAddress=mkj-sddfdsfsdfsd <at> norrehus.dk))) succeeded > 2006-04-28 14:29:12.118713500 qldap_lookup: Nothing found > 2006-04-28 14:29:12.118715500 ldapfilter: > '(&(objectClass=qmailuser)(|(mail=catchall <at> norrehus.dk)(mailAlternateAddress=catchall <at> norrehus.dk)))' > 2006-04-28 14:29:12.119252500 qldap_lookup: search for > (&(objectClass=qmailuser)(|(mail=catchall <at> norrehus.dk)(mailAlternateAddress=catchall <at> norrehus.dk))) succeeded > 2006-04-28 14:29:12.119262500 qldap_lookup: Nothing found > 2006-04-28 14:29:12.120204500 qmail-smtpd 11555: recipient verify OK > 2006-04-28 14:29:12.129278500 qmail-smtpd 11555: go ahead > 2006-04-28 14:29:12.138673500 qmail-smtpd 11555: DDC saved 24 percent > 2006-04-28 14:29:12.142821500 qmail-smtpd 11555: message queued: > 1146227352 qp 11557 size 226 bytes > 2006-04-28 14:29:12.151964500 qmail-smtpd 11555: quit, closing > connection > 2006-04-28 14:29:12.152525500 tcpserver: end 11555 status 0 > 2006-04-28 14:29:12.152528500 tcpserver: status: 0/40 > --- > I bet you have a local mkj account on your mailserver and lcoaldelivery is turned on so the mail is accepted because qmail-verify does not check if the local user has a .qmail-whatever file. > Finally a test send to a non existing user: > > --- > 2006-04-28 14:29:44.284641500 tcpserver: status: 1/40 > 2006-04-28 14:29:44.285273500 tcpserver: pid 11562 from 81.19.227.226 > 2006-04-28 14:29:44.285356500 tcpserver: ok 11562 > 0:80.165.0.78:25 :81.19.227.226::56145 > 2006-04-28 14:29:44.287479500 qmail-smtpd 11562: connection from > 81.19.227.226 (unknown) to 0 > 2006-04-28 14:29:44.287484500 qmail-smtpd 11562: enabled options: > sanitycheck returnmxcheck rcptcheck smtp-auth rejectexecutables > 2006-04-28 14:29:44.296241500 qmail-smtpd 11562: remote ehlo: linet.dk > 2006-04-28 14:29:44.307531500 qmail-smtpd 11562: mail from: > root <at> linet.dk > 2006-04-28 14:29:44.307533500 qmail-smtpd 11562: SPF not checked > 2006-04-28 14:29:44.316910500 qmail-smtpd 11562: rcpt to: > mkjsdfds-sddfdsfsdfsd <at> norrehus.dk > 2006-04-28 14:29:44.316947500 qmail-smtpd 11562: recipient verify, > recipient not in goodmailaddr > 2006-04-28 14:29:44.316951500 qmail-smtpd 11562: recipient verify, > recipient is local > 2006-04-28 14:29:44.319131500 init_ldap: control/ldapserver: > 'ldap.orholm.dk' > 2006-04-28 14:29:44.319156500 init_ldap: control/ldapbasedn: > dc=orholm,dc=dk > 2006-04-28 14:29:44.319159500 init_ldap: control/ldapobjectclass: > qmailuser > 2006-04-28 14:29:44.319215500 init_ldap: control/ldaptimeout: 30 > 2006-04-28 14:29:44.319217500 init_ldap: control/ldaprebind: 0 > 2006-04-28 14:29:44.319233500 init_ldap: control/ldapdefaultdotmode: > dotonly > 2006-04-28 14:29:44.319249500 init_ldap: control/defaultquotasize: 0 > 2006-04-28 14:29:44.319251500 init_ldap: control/defaultquotacount: 0 > 2006-04-28 14:29:44.319253500 init: control/ldaplocaldelivery: 1 > 2006-04-28 14:29:44.319269500 qmail-verfiy: verifying > mkjsdfds-sddfdsfsdfsd <at> norrehus.dk > 2006-04-28 14:29:44.319766500 qldap_open: init successful > 2006-04-28 14:29:44.319794500 qldap_set_option: set referrals successful > 2006-04-28 14:29:44.320539500 qldap_bind: successful > 2006-04-28 14:29:44.320572500 ldapfilter: > '(&(objectClass=qmailuser)(|(mail=mkjsdfds-sddfdsfsdfsd <at> norrehus.dk)(mailAlternateAddress=mkjsdfds-sddfdsfsdfsd <at> norrehus.dk)))' > 2006-04-28 14:29:44.321168500 qldap_lookup: search for > (&(objectClass=qmailuser)(|(mail=mkjsdfds-sddfdsfsdfsd <at> norrehus.dk)(mailAlternateAddress=mkjsdfds-sddfdsfsdfsd <at> norrehus.dk))) succeeded > 2006-04-28 14:29:44.321201500 qldap_lookup: Nothing found > 2006-04-28 14:29:44.321202500 ldapfilter: > '(&(objectClass=qmailuser)(|(mail=catchall <at> norrehus.dk)(mailAlternateAddress=catchall <at> norrehus.dk)))' > 2006-04-28 14:29:44.321741500 qldap_lookup: search for > (&(objectClass=qmailuser)(|(mail=catchall <at> norrehus.dk)(mailAlternateAddress=catchall <at> norrehus.dk))) succeeded > 2006-04-28 14:29:44.321745500 qldap_lookup: Nothing found > 2006-04-28 14:29:44.323092500 qmail-smtpd 11562: bad recipient: > mkjsdfds-sddfdsfsdfsd <at> norrehus.dk > 2006-04-28 14:29:44.323096500 qmail-smtpd 11562: message denied: Sorry, > no mailbox here by that name. (#5.1.1) > 2006-04-28 14:29:44.332185500 qmail-smtpd 11562: quit, closing > connection > 2006-04-28 14:29:44.332989500 tcpserver: end 11562 status 0 > 2006-04-28 14:29:44.332992500 tcpserver: status: 0/40 > --- > > Hope this help. > > /Mikkel > > > On Wed, 2006-04-26 at 13:56 +0200, Claudio Jeker wrote: > > > On Wed, Apr 26, 2006 at 01:09:15PM +0200, Mikkel Kruse Johnsen wrote: > > > Hej Claudio > > > > > > I'm using the newest 20060201 patch. > > > > > > /Mikkel > > > > > > Just to verify that I have processed the tcprules, as you can see it > > > works for non existing users. > > > > > > > Can you build a qmail-ldap version with DEBUG and send me the output of > > qmail-smtpd when run with LOGLEVEL 255 (you only need to replace > > qmail-verify with a debug version). > > > > > -- > > > 2006-04-26 13:07:00.738381500 tcpserver: pid 31358 from 130.226.47.171 > > > 2006-04-26 13:07:00.738383500 tcpserver: ok 31358 > > > 0:192.38.9.203:25 :130.226.47.171::42908 > > > 2006-04-26 13:07:00.740976500 qmail-smtpd 31358: connection from > > > 130.226.47.171 (unknown) to 0 > > > 2006-04-26 13:07:00.740981500 qmail-smtpd 31358: enabled options: > > > sanitycheck returnmxcheck spfbehavior-fail(3) rblcheck rcptcheck > > > smtp-auth rejectexecutables > > > 2006-04-26 13:07:00.743433500 qmail-smtpd 31358: remote ehlo: > > > mail.cbs.dk > > > 2006-04-26 13:07:00.745881500 qmail-smtpd 31358: mail from: > > > mkj.lib <at> cbs.dk > > > 2006-04-26 13:07:00.753028500 qmail-smtpd 31358: SPF checking comleted > > > 2006-04-26 13:07:00.914284500 qmail-smtpd 31358: RBL check with > > > 'sbl.spamhaus.org': no match found, continue. > > > 2006-04-26 13:07:00.967662500 qmail-smtpd 31358: RBL check with > > > 'relays.ordb.org': no match found, continue. > > > 2006-04-26 13:07:01.014700500 qmail-smtpd 31358: RBL check with > > > 'list.dsbl.org': no match found, continue. > > > 2006-04-26 13:07:01.062368500 qmail-smtpd 31358: RBL check with > > > 'bl.spamcop.net': no match found, continue. > > > 2006-04-26 13:07:01.066974500 qmail-smtpd 31358: RBL check with > > > 'relays.ordb.org': no match found, continue. > > > 2006-04-26 13:07:01.197600500 qmail-smtpd 31358: RBL check with > > > 'spamguard.leadmon.net': no match found, continue. > > > 2006-04-26 13:07:01.197633500 qmail-smtpd 31358: RBL checking completed > > > 2006-04-26 13:07:01.258659500 qmail-smtpd 31358: rcpt to: > > > sdfsdfsd <at> metier.dk > > > 2006-04-26 13:07:01.258708500 qmail-smtpd 31358: recipient verify, > > > recipient not in goodmailaddr > > > 2006-04-26 13:07:01.258735500 qmail-smtpd 31358: recipient verify, > > > recipient is local > > > 2006-04-26 13:07:01.288559500 qmail-smtpd 31358: bad recipient: > > > sdfsdfsd <at> metier.dk > > > 2006-04-26 13:07:01.288609500 qmail-smtpd 31358: message denied: Sorry, > > > no mailbox here by that name. (#5.1.1) > > > 2006-04-26 13:07:01.289293500 qmail-smtpd 31358: 'rcpt to' first > > > 2006-04-26 13:07:01.462654500 qmail-smtpd 31358: quit, closing > > > connection > > > 2006-04-26 13:07:01.463029500 tcpserver: end 31358 status 0 > > > -- > > > 2006-04-26 13:08:29.624461500 tcpserver: pid 31366 from 130.226.47.171 > > > 2006-04-26 13:08:29.624463500 tcpserver: ok 31366 > > > 0:192.38.9.203:25 :130.226.47.171::42924 > > > 2006-04-26 13:08:29.624466500 qmail-smtpd 31366: connection from > > > 130.226.47.171 (unknown) to 0 > > > 2006-04-26 13:08:29.624469500 qmail-smtpd 31366: enabled options: > > > sanitycheck returnmxcheck spfbehavior-fail(3) rblcheck rcptcheck > > > smtp-auth rejectexecutables > > > 2006-04-26 13:08:29.625531500 qmail-smtpd 31366: remote ehlo: > > > mail.cbs.dk > > > 2006-04-26 13:08:29.628063500 qmail-smtpd 31366: mail from: > > > mkj.lib <at> cbs.dk > > > 2006-04-26 13:08:29.635120500 qmail-smtpd 31366: SPF checking comleted > > > 2006-04-26 13:08:29.640110500 qmail-smtpd 31366: RBL check with > > > 'sbl.spamhaus.org': no match found, continue. > > > 2006-04-26 13:08:29.693464500 qmail-smtpd 31366: RBL check with > > > 'relays.ordb.org': no match found, continue. > > > 2006-04-26 13:08:29.740485500 qmail-smtpd 31366: RBL check with > > > 'list.dsbl.org': no match found, continue. > > > 2006-04-26 13:08:29.775458500 qmail-smtpd 31366: RBL check with > > > 'bl.spamcop.net': no match found, continue. > > > 2006-04-26 13:08:29.780042500 qmail-smtpd 31366: RBL check with > > > 'relays.ordb.org': no match found, continue. > > > 2006-04-26 13:08:29.784725500 qmail-smtpd 31366: RBL check with > > > 'spamguard.leadmon.net': no match found, continue. > > > 2006-04-26 13:08:29.784756500 qmail-smtpd 31366: RBL checking completed > > > 2006-04-26 13:08:29.811783500 qmail-smtpd 31366: rcpt to: > > > mkd-dsfdsf <at> metier.dk > > > 2006-04-26 13:08:29.811823500 qmail-smtpd 31366: recipient verify, > > > recipient not in goodmailaddr > > > 2006-04-26 13:08:29.811850500 qmail-smtpd 31366: recipient verify, > > > recipient is local > > > 2006-04-26 13:08:29.850975500 qmail-smtpd 31366: bad recipient: > > > mkd-dsfdsf <at> metier.dk > > > 2006-04-26 13:08:29.851027500 qmail-smtpd 31366: message denied: Sorry, > > > no mailbox here by that name. (#5.1.1) > > > 2006-04-26 13:08:29.851717500 qmail-smtpd 31366: 'rcpt to' first > > > 2006-04-26 13:08:30.037195500 qmail-smtpd 31366: quit, closing > > > connection > > > 2006-04-26 13:08:30.037567500 tcpserver: end 31366 status 0 > > > 2006-04-26 13:08:30.037569500 tcpserver: status: 0/40 > > > -- > > > > > > > > > On Wed, 2006-04-26 at 12:24 +0200, Claudio Jeker wrote: > > > > > > > On Wed, Apr 26, 2006 at 08:59:11AM +0200, Claudio Jeker wrote: > > > > > On Wed, Apr 26, 2006 at 08:49:27AM +0200, Mikkel Kruse Johnsen wrote: > > > > > > Hi > > > > > > > > > > > > I have a problem, have just been pointed out that my qmail ldap is an > > > > > > reverse open relay, meaning that sending a mail to a non existing user > > > > > > on my domain will result i a bounce to the "mail from:" address and that > > > > > > can be faked. > > > > > > > > > > > > So adding "RCPTCHECK" to the environment should do it. > > > > > > > > > > > > :allow,SMTPAUTH="",RETURNMXCHECK="",SANITYCHECK="",RCPTCHECK="",REJECTEXEC="",QHPSI="/usr/bin/clamdscan",QHPSIARG1="--no-summary",LOGLEVEL="4" > > > > > > > > > > > > That will make the SMTP connection disconnect if the user is not in the > > > > > > LDAP. > > > > > > > > > > > > But sending a mail to a valid user with "-something" after like > > > > > > "mkj-dfdsfsdfsdfds <at> metier.dk" will get accepted. I have compiled without > > > > > > DASH_EXT. > > > > > > > > > > > > What could be the problem ? > > > > > > > > > > > > > > > > Hmpf. Smells like a bug. I'll have a look at it. > > > > > > > > > > > > > I can not reproduce it. > > > > > > > > 250 ok > > > > rcpt to: <test-nonexistant <at> regress.qmail-ldap.org> > > > > qmail-smtpd 20924: rcpt to: test-nonexistant <at> regress.qmail-ldap.org > > > > qmail-smtpd 20924: recipient verify, recipient not in goodmailaddr > > > > qmail-smtpd 20924: recipient verify, recipient is local > > > > qmail-smtpd 20924: bad recipient: test-nonexistant <at> regress.qmail-ldap.org > > > > qmail-smtpd 20924: message denied: Sorry, no mailbox here by that name. (#5.1.1) > > > > 554 Sorry, no mailbox here by that name. (#5.1.1) > > > > > > > > What version of qmail-ldap are you using? > > > > > > > > > > Mikkel Kruse Johnsen > > > Linet > > > Ørholmgade 6 st tv > > > 2200 København N > > > > > > Tlf: +45 2128 7793 > > > email: mikkel <at> linet.dk > > > www: http://www.linet.dk > > > > Med Venlig Hilsen > > Linet > Tlf: > 21287793 > Mikkel Kruse Johnsen > Direkte: > 21287793 > Ørholmgade 6 st. tv > email: > mikkel <at> linet.dk > DK-2200 København N > web: > http://www.linet.dk > >
Mikkel Kruse Johnsen
Linet
Ørholmgade 6 st tv
2200 København N

Tlf: +45 2128 7793
email: mikkel <at> linet.dk
www: http://www.linet.dk
Aziz Maz | 1 May 15:46 2006
Picon
Picon

ldap lookup balancing

hi,
 i am sure some of you are using multiple ldap servers
 to balance the load stemming from concurrent lookups
 required by pop,imap,smtp(recipient check), etc.

 i am thinking to do the same thing since sometimes
 i get "temporary ldap lookup failure" soft error
 from qmail-smtpd logs.

 there is no problem in synchronizing the ldap data.
 after synchronizing ldap servers which of the following
 is the best way to go for balancing ?

 1. do the balancing using DNS round-robin
 2. map each service(on the same machine) with one ldap server
    (i think this is not possible with current qmail-ldap, right?)
 3. do the 2. with different machines only one service on each.
 4. or any other idea ?

 thanks in advance,
 .aziz

Mark Farver | 1 May 18:17 2006

Re: ldap lookup balancing

Aziz Maz wrote:

> hi,
> i am sure some of you are using multiple ldap servers
> to balance the load stemming from concurrent lookups
> required by pop,imap,smtp(recipient check), etc.
>
> i am thinking to do the same thing since sometimes
> i get "temporary ldap lookup failure" soft error
> from qmail-smtpd logs.
>
Check your ldap server config.  One LDAP server should have no problem 
keeping up with one mail server.  You are probably not indexing on some 
critical search attributes.  ("mail" and "mailAlternateAddress" are 
searched a lot by qmail-ldap)  I was having the same problem....

In open ldap you add something like this to your slapd.conf (from 
memory, so double check this)
---snip--
index mail,mailAlternateAddress              eq,pres,sub
----------
Mark Farver

Aziz Maz | 2 May 00:44 2006
Picon
Picon

Re: ldap lookup balancing

Mark Farver wrote:

> Aziz Maz wrote:
>
>> hi,
>> i am sure some of you are using multiple ldap servers
>> to balance the load stemming from concurrent lookups
>> required by pop,imap,smtp(recipient check), etc.
>>
>> i am thinking to do the same thing since sometimes
>> i get "temporary ldap lookup failure" soft error
>> from qmail-smtpd logs.
>>
> Check your ldap server config.  One LDAP server should have no problem 
> keeping up with one mail server.  You are probably not indexing on 
> some critical search attributes.  ("mail" and "mailAlternateAddress" 
> are searched a lot by qmail-ldap)  I was having the same problem....
>
> In open ldap you add something like this to your slapd.conf (from 
> memory, so double check this)
> ---snip--
> index mail,mailAlternateAddress              eq,pres,sub
> ----------
> Mark Farver
>
>
>
already done that,
in my slapd.conf i have:

index   objectClass     pres,eq
index   mail,mailAlternateAddress,uid   pres,eq,sub
index   accountStatus,mailHost,deliveryMode    eq

also, checked bdb stats via "db_stat -m" and found
no problem in hit ratio (%99),
but i still continue to get the error per two or three minutes.

what could be the problem ?
hardware (1GB ram)? network ?

.aziz

Rony | 2 May 12:33 2006

qmail-date-localtime.patch..Please Help Mee.!!

I have used Qmail-ldap, but In  My thunderbird  and webmail   date/time
often  wrong ...
And I want  use  qmail-date-localtime.patch...How to use  this Patch  ??
For infomation I Use qmailldap 20060201

Please Help me..!!

Brian T Glenn | 2 May 14:33 2006
Picon

Re: RCPTCHECK using remote ldap server

On Wed, Apr 26, 2006 at 02:58:47AM +0530, Rajkumar S may have written:
> 
> I tried to give administrator username and password to qmail to discount 
> any issues with permissions, but that did not work. The same ldap 
> database is used by second machine to deliver mails locally, so that 
> part is also fine. Any ldap attribute required when smtproutes is 
> involved? Any clues?

Another method that Claudio Jeker suggested to me a while back is 
building stock qmail and qmail-ldap together on the same box. Then 
install qmail-smtpd and qmail-verify on top of the stock qmail 
installation. This will give you the extra features in qmail-smtpd from 
qmail-ldap, but the delivery mechanism from stock qmail. This is working 
well on my backup MX.

Cheers,
--

-- 
Brian T Glenn
delink.net Internet Services

we all block port 79/tcp (finger); what port is 'tentacle' ?? --Tanuki
Attachment (smime.p7s): application/x-pkcs7-signature, 5115 bytes
Scott Ryan | 3 May 19:31 2006

qmail-command exit codes

Hi, I am using maildrop via deliveryProgramPath attribute to do some filtering 
and then to deliver the mail to users' maildirs. This is working fine except 
that if a user is over quota, the message is not bounced, but rather is 
deferred and then sits in the local queue. This would be ok if we did not 
have such a large system as obviously the local queue grows dramatically.

Maildrop identifies that the maildir is over quota, but then sends a return 
code of -1, I assume to qmail-local.

I patched maildrop to return 77, which should be a hard error according to:
http://www.qmail.org/man/man8/qmail-command.html, but the mail is still not 
bounced.

any help here would be appreciated.
-- 
slr,

ISP Systems Specialist
Telkom Internet
#qmail-ldap,#solaris & #mandriva  <at>  freenode
#qmail,#solaris  <at>  efnet

"Windows?? You mean the thirty-two bit extension and graphical shell to a 
sixteen-bit patch to an eight-bit operating system originally coded for a 
four-bit microprocessor which was written by a two-bit company that can't 
stand one bit of competition? Oh, that..." -- Lee Clarke

----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/MU/E d? s+:+ a- C++++>+++++ USL++++$ P++++ !E(---)W+ <at>  !N
o?(--) K? !w(---) O- M+ V PS+ <at>  PE Y-- PGP++>+++ !t(---) !5 !X
R-- !tv b(++) DI++ !D(----) G+++>++++ e++>* h----(*) r+++ y++++
-----END GEEK CODE BLOCK------

Emili | 4 May 19:14 2006

disable forwarding from specific sender

Hello,

I have qmail-ldap with maildrop as delivery program. Some user accounts 
have defined mail forwarding addresses.
We want do filter some mails by subject or sender. We can do it for local 
deliveries with maildrop, but the forwarding messages are sent anyway 
because is not maildrop job.
Anyone knows how can we filter this mail forwarding based on this parameters?

Vicente Aguilar | 4 May 20:28 2006
Picon

Re: ldap lookup balancing

El mar, 02-05-2006 a las 01:44 +0300, Aziz Maz escribió:

> also, checked bdb stats via "db_stat -m" and found
> no problem in hit ratio (%99),
> but i still continue to get the error per two or three minutes.
> 
> what could be the problem ?
> hardware (1GB ram)? network ?

LDAP's threads vs. SMTP/POP/IMAP concurrency?

If I recall correctly, OpenLDAP defaults to 32 threads or so. If your
mail server has a considerable amount of traffic, that could be a
bottleneck.

--

-- 
 Vicente Aguilar <vjaguilar <at> renr.es>
 Departamento de Sistemas
 Tlf.: 965 98 71 92

 Recursos en la Red, S.L.U.
 http://www.renr.es

Philipp Wagner | 4 May 21:06 2006

Re: qmail-command exit codes

Scott Ryan schrieb:
> Hi, I am using maildrop via deliveryProgramPath attribute to do some filtering 
> and then to deliver the mail to users' maildirs. This is working fine except 
> that if a user is over quota, the message is not bounced, but rather is 
> deferred and then sits in the local queue. This would be ok if we did not 
> have such a large system as obviously the local queue grows dramatically.
> 
> Maildrop identifies that the maildir is over quota, but then sends a return 
> code of -1, I assume to qmail-local.
> 
> I patched maildrop to return 77, which should be a hard error according to:
> http://www.qmail.org/man/man8/qmail-command.html, but the mail is still not 
> bounced.

Try to use return code 100 (permanent error: bounce)

Philipp


Gmane