New simscan 1.0.7 release

simscan 1.0.7 is now available.

http://www.inter7.com/simscan/
Simscan is a simple program that enables qmail-smtpd to reject viruses, spam
and block attachments during the SMTP conversation so the email never makes
it into your computers. It is completely open source and uses other open
source components. Very efficient and written in C.

ChangeLog http://www.inter7.com/simscan/ChangeLog

New Features/Changes in this version:

Support for SpamAssassin 3.0 and Trophie virus scanner. Support to
enable/disable any feature on a per user, per domain and system wide level.
Received headers can contain version information for spamassassin and virus
scanner. Three spamassassin settings 1) pass modified email through to user
2) block spam 3) block spam over a high water mark. List of optional
attachments to block from a control file. Updated permission settings for
better portability. New logging to show ip, to/from users in smtp log file
for any blocked virus. Many new debugging statements that can be enabled by
an environment variable.

--
Ken Jones
inter7.com

chkuser and smtproutes

Greetings,

I have been considering using the chkuser patch in conjunction with
simscan.  I've looked at the docs and FAQs, but can't find anything
that talks about how chkuser works with a domain in smtproutes.  Is
there a way that chkuser could accept e-mail to any account in one
particular domain?  Is there support for smtproutes?  I have a few
domains that forward to exchange boxes.

I did Google for smtproutes both on inter7.com and interazioni.it,
finding nothing.  Found two threads on the mailing list archives,
but didn't get a distinct answer.  Sorry if this is a FAQ.

PK

Re: chkuser and smtproutes

On Monday 01 November 2004 03:44 pm, Kleiner, Peter wrote:
> Greetings,
>
> I have been considering using the chkuser patch in conjunction with
> simscan.  I've looked at the docs and FAQs, but can't find anything
> that talks about how chkuser works with a domain in smtproutes.  Is
> there a way that chkuser could accept e-mail to any account in one
> particular domain?  Is there support for smtproutes?  I have a few
> domains that forward to exchange boxes.

chkuser unconditionally accepts mail for domains in rcpthosts that are not in 
virtualdomains, and also if it is unable to read the vpopmail information 
(for instance, if you are running qmail-smtpd as the qmaild user)

-Jeremy

--

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  jeremy <at> inter7.com ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
        kitchen  <at>  #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
           GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc

Re: chkuser and smtproutes

On Monday 01 November 2004 03:44 pm, Kleiner, Peter wrote:
> Greetings,
>
> I have been considering using the chkuser patch in conjunction with
> simscan.  I've looked at the docs and FAQs, but can't find anything
> that talks about how chkuser works with a domain in smtproutes.  Is
> there a way that chkuser could accept e-mail to any account in one
> particular domain?  Is there support for smtproutes?  I have a few
> domains that forward to exchange boxes.
>
> I did Google for smtproutes both on inter7.com and interazioni.it,
> finding nothing.  Found two threads on the mailing list archives,
> but didn't get a distinct answer.  Sorry if this is a FAQ.

You might be able to dump a list of the exchange users to a file.
Then we have a patch to the old chk user that implements a
check against domains in smtproutes and in the list of exchange users.
Helps block dictionary spam attacks on your exchange accounts.

Ken

Advice Please

I seem to have discovered a relay vulnerability.  It seems that a rcpt 
to: in the form of,

  <spamlart.homeunix.org!spamtest65.223.68.197>

Gets past.  Any idea's??

I have checked as far as I can determine to eliminate this but it seems 
to still work.

- Bill

Re: chkuser and smtproutes

Jeremy Kitchen wrote:
> 
> chkuser unconditionally accepts mail for domains in rcpthosts that are not in
> virtualdomains, and also if it is unable to read the vpopmail information
> (for instance, if you are running qmail-smtpd as the qmaild user)

Jeremy,

That's exactly the information I was searching for.  Thanks to Ken also
for his suggestion about exporting the Exchange list.

Pete

Sufix domain dir and domaindir independent patch

Re: Advice Please

On Monday 01 November 2004 05:47 pm, Bill Sappington wrote:
> I seem to have discovered a relay vulnerability.  It seems that a rcpt
> to: in the form of,
>
>   <spamlart.homeunix.org!spamtest65.223.68.197>
>
> Gets past.  Any idea's??
Check the log files to see if the email was actually relayed out.

>
> I have checked as far as I can determine to eliminate this but it seems
> to still work.

I bet it is either a misconfiguration of your server or
a bad interpretation of a relay test.

--
Ken Jones
inter7.com

Re: Advice Please

Your question is not related to vpopmail in any way.  I will assume that
it's a qmail question and advise that you take any further
correspondence with this post to the qmail list.

That being said:

On Mon, 2004-11-01 at 15:47 -0800, Bill Sappington wrote:
> I seem to have discovered a relay vulnerability.  It seems that a rcpt 
> to: in the form of,
> 
>   <spamlart.homeunix.org!spamtest65.223.68.197>
> 
> Gets past.  Any idea's??

Right.  There's no  <at> .  qmail will accept the message, try to deliver it
locally to the value of the control/defaultdomain file (or control/me if
the former doesn't exist), and subsequently bounces the message.

Regardless, where would you expect that message to go?  The envelope
recipient has no information that would make qmail know where to deliver
it.

This is not a vulnerability.  qmail is not doing anything bad here.

-Jeremy

--

-- 
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
  jeremy <at> inter7.com ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
        kitchen  <at>  #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
           GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc

High server load with large number of files in maildir

I recently have been moving user domains from an old qmail+vpopmail server
to a new one due in large part to hugely increased spam filter load
(grumble). Anyway, I found one user with some 5+ GB of presumably all spam
in their postmaster account (which was a catch all). The new box defaults
to "set no catch-all" for exactly this kind of reason...

Here's the problem though: I saw a very significant drop in server load
when I deleted the hundreds of thousands of messages in that one user
account. The server was apparently spending a lot of time dealing with
deliveries to this one very full mailbox. This concerns me a bit since
we're running IMAP now and I could see mailboxes with thousands of
legitimate messages building up over time, and would not want to bog the
system down if I have users that never delete messages.

Does anyone know of a way to alleviate this problem without forcing
quotas? Right now we bill on disk space use, and don't set per-user or
per-domain quotas, which is popular with our customers since many of them
routinely send CAD drawings as file attachments.

I know qmail and ezmlm have hierarchical directory structures in their
queues to help with this problem, but I'm not aware of such a feature for
user maildirs.

     -Bill

*****************************
Waveform Technology
UNIX Systems Administrator