David Favor | 17 Jul 16:18 2014

qpsmtpd-async weird ParaDNS lookup problem

I've been running qpsmtpd-async for years on all sorts of servers.

Likely I have something in DNS setup slightly wrong on a new server
I'm setting up + what's wrong escapes me.

The symptom is qpsmtpd-async hanging forever in the HELO sequence.

Both forkserver + prefork work fine + async works so much better,
I'd like to resolve this problem.

Here's an example of the problem...

Listen child making a Qpsmtpd::PollServer for 7.
11869 in config(plugins)
11869 config(plugins) returning (resolve_sender_host dont_require_anglebrackets rcpt_simple
test <at> newswire.net chris <at> newswire.net doug <at> newswire.net support <at> newswire.net accounting <at> newswire.net
sales <at> newswire.net debrown <at> newswire.net maildir /cluster/clients/ivan-budimir
%d/users/%l/Maildir) from cache
DNS failure looking for 127.0.0.1 after 0 secs (looked for 1, got 0)
11869 (connect) running plugin: resolve_sender_host
11869 (connect) resolve_sender_host: DEBUG: ip=127.0.0.1 host=localhost domain=localhost
11869 Plugin resolve_sender_host, hook connect returned DECLINED,
11869 in config(smtpgreeting)
11869 config(smtpgreeting) returning (Ready!) from cache

Notice this line emitted from ParaDNS...

    DNS failure looking for 127.0.0.1 after 0 secs (looked for 1, got 0)

Bind looks good...
(Continue reading)

Devin Carraway | 6 Jun 09:27 2014

[patch] Expand tls plugin docs concerning certificate chains

Perhaps counterintuitively, IO::Socket:SSL expects that multi-step SSL
cert chains must have the intermediate certs in the SSL_cert_file
path and not the SSL_ca_file path.  Add documentation on this point,
and a way of verifying cert configuration since most MTAs won't be
at all helpful in diagnosing SSL verification errors.

--

-- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 4096R/9197B5F9: 9C64 37CD 1B7B 029D 0933  49EA 1E52 7672 9197 B5F9
Daniel Hauck | 31 May 01:00 2014
Picon

Re: sending from other address

Hey Matt,

thanks ;)

I changed the sql statement in the auth/auth_vpopmail_sql plugin.

But I thought that there is a cleaner way to do this ;)

Daniel
On 31.05.2014 00:54, Matt Simerson wrote:
> Try it and see. :)
>
> Matt
>
> On May 30, 2014, at 3:51 PM, Daniel Hauck <daniel <at> hauck.it> wrote:
>
>> Hey guys,
>>
>> has qpsmtpd the ability that I can login as foo <at> mail.de and
>> send as bar <at> mail.de?
>>
>> I authenticate against vpopmail.
>>
>> Is there a built-in function or a hack for this?
>>
>> Thanks a lot :)
>>
>> Best regards,
>> Daniel

(Continue reading)

Daniel Hauck | 31 May 00:51 2014
Picon

sending from other address

Hey guys,

has qpsmtpd the ability that I can login as foo <at> mail.de and
send as bar <at> mail.de?

I authenticate against vpopmail.

Is there a built-in function or a hack for this?

Thanks a lot :)

Best regards,
Daniel

Jared Johnson | 27 May 06:19 2014
Picon

Seeking senior perl dev with QP experience

Hi all,

My employer (eFolder, Inc - www.efolder.net) is seeking a senior Perl 
developer to join our team working on our email security software.  I 
respect a lot of the regulars on this list, and our software is built 
with qpsmtpd, so I'm hoping some among you might be available and 
interested in the position.  If so, you can find further details here:

http://goo.gl/rgecQJ

Just a quick plug, this is a 100% telecommute position with amazing 
benefits, and in my personal experience, eFolder is the best employer 
I've ever worked for.  Feel free to contact me directly with informal 
questions about the position, I would be working alongside whoever fills 
this role.

Thanks for reading!

-Jared

Charlie Brady | 28 Apr 20:02 2014
Picon
Picon

Re: Yahoo's DMARC debacle (fwd)


On Mon, 28 Apr 2014, Matt Simerson wrote:

> On Apr 28, 2014, at 10:57 AM, Charlie Brady <charlieb-qpsmtpd <at> budge.apana.org.au> wrote:
> 
> > I'm guessing that Matt didn't intend this information to be private to me.
> 
> Correct, but perl.org is rejecting all messages from domains with DMARC 
> p=reject policies, which includes mine, yahoo.com, and aol.com.

What a fine club you have elected yourself into! :-)

> 
> Matt
> 
> 
> > ---------- Forwarded message ----------
> > Date: Mon, 28 Apr 2014 09:45:55 -0700
> > From: Matt Simerson <matt <at> tnpi.net>
> > To: Charlie Brady <charlieb-qpsmtpd <at> budge.apana.org.au>
> > Subject: Re: Yahoo's DMARC debacle
> > 
> > 
> > On Apr 28, 2014, at 6:13 AM, Charlie Brady <charlieb-qpsmtpd <at> budge.apana.org.au> wrote:
> > 
> >> On Sun, 27 Apr 2014, Matt Simerson wrote:
> >> 
> >>>> and are dealing with the fallout.
> >>> 
> >>> I dealt with the "fallout" on my mailing lists in May of 2013:
(Continue reading)

Charlie Brady | 28 Apr 20:00 2014
Picon
Picon

Re: Yahoo's DMARC debacle


On Mon, 28 Apr 2014, Matt Simerson wrote:

> > So either DKIM isn't relevant, or something else in my 
> > qpsmtpd/qmail/ezmlm-idx chain is breaking DKIM. Any suggestions?
> 
> If ezmlm isn't adding a list prefix or message trailers, then it's 
> unlikely that ezmlm is breaking the messages DKIM signatures.
> 
> Are you using any QP plugins that alter list messages?

Not specifically, and not as far as I know.

>  (The addition of X-* and Received headers are generally DKIM agnostic). 
> Altering any message header specifically listed in the DKIM-Signature h 
> property, or the altering the message body (attachment stripping, 
> charset conversion, etc.) are the types of changes that are likely to 
> invalidate a DKIM signature.

ezmlm is quite likely to be stripping attachments.

> The way to test is create yourself a new list and subscribe to it from a 
> gmail or yahoo address. Then send messages to the list and check their 
> headers when they return to your freemail account. Gmail will filter 
> them to the Junk folder if they fail SPF or DMARC tests.

Thanks. I'll do that, then send an invoice for my time to yahoo. :-)

> 
> Matt
(Continue reading)

Charlie Brady | 28 Apr 15:20 2014
Picon
Picon

Re: Yahoo's DMARC debacle


On Sun, 27 Apr 2014, Matt Simerson wrote:

> If you're operating a mailing list, you have 3 choices:
> 
>    1. Don't break DKIM
>    2. If you insist upon breaking DKIM by adding subject prefixes and message trailers, take ownership of the
message by changing the From address to your own domain.
>    3. Alter the From address and add the original senders address to the Reply-To header.

So my question remains, does anyone have working qpsmtpd plugins for doing 
such transformation on mailing list messages?

Charlie Brady | 28 Apr 15:13 2014
Picon
Picon

Re: Yahoo's DMARC debacle


On Sun, 27 Apr 2014, Matt Simerson wrote:

> > and are dealing with the fallout.
> 
> I dealt with the "fallout" on my mailing lists in May of 2013:
> 
> 	http://matt.simerson.net/news/2013/05/01/dkim-and-mailing-lists

Your "fix":

> cd path/to/ezmlm/list; rm prefix  text/trailer addtrailer

doesn't work for me:

bash-3.00$ ls prefix  text/trailer addtrailer
ls: prefix: No such file or directory
ls: text/trailer: No such file or directory
ls: addtrailer: No such file or directory
bash-3.00$

So either DKIM isn't relevant, or something else in my 
qpsmtpd/qmail/ezmlm-idx chain is breaking DKIM. Any suggestions?

Charlie Brady | 27 Apr 17:47 2014
Picon
Picon

Yahoo's DMARC debacle


I'm sure that many of you know about this:

http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html

and are dealing with the fallout. I'm interested to know what people are 
doing about it. Does anyone have working plugins?

I've seen suggestions about rewriting From addresses, and there's another 
one here - selectively rejecting messages with troublesome From: addresses 
with:

5.x.x DMARC p=reject not compatible with email sent to a mailing list

http://www.ietf.org/mail-archive/web/ietf/current/msg87253.html

Dan Langille | 25 Mar 20:21 2014

Any chance of a new release?

Hello,

Any chance of a new release?  I ask because I encountered this bug:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693179

which is fixed by this patch:

  https://github.com/smtpd/qpsmtpd/commit/1bfebd0bfd5e86f8ed4f770ba54846dc9d18e0ab

which went in about a year ago.

Four years without a new release is a long time.

Thanks.

— 
Dan Langille
dvl <at> biglist.com


Gmane