|
|
|
|
|
|
| Author |
Message |
Thanos Massias
*nix forums addict
Joined: 25 May 2005
Posts: 98
|
|
| Back to top |
|
 |
andy
*nix forums beginner
Joined: 22 Feb 2005
Posts: 29
|
 Posted: Tue Apr 18, 2006 2:57 pm Post subject:
RE: assign & folder rights
|
|
|
Yes...I've read that section too but since I still confused, I'd like to
try another *idea*.
Yes, I consider it another idea because I didn't actually know how it
supposed to work.
I have no domain specified inside 'locals'.
After re read again what was replied given since the beginning of my
email, and also some quick HOW-TO ( Virtual Hosts with Qmail by Keith
Burdis ), I realized other email accounts under virtual domains must be
mapped into real user under local domain or just forward the email to
another address.
After adding one of my domains into the 'locals' and reconfiguring the
virtualdomains, run another qmail-pw2u and qmail-newu, everything solved
!
I thank you all for your patience towards me  ( who had no clue at all
from the beginning ).
Best regards
Andy
-----Original Message-----
From: Richard Feldmann [mailto:rhun@oaksage.dyndns.org]
Sent: Friday, April 14, 2006 1:10 AM
To: qmail@list.cr.yp.to
Subject: Re: assign & folder rights
andy spake thusly on Fri, Apr 14, 2006 at 12:11:35AM +0700:
| Quote: | Yes, I've read 'man dot-qmail' and LWQ, and also Googling. It's been
more than a week actually before I push myself to ask to the mailing
list.
|
Are you *sure* you read lwq?:
http://www.lifewithqmail.com/lwq.html#gotchas
:)
Regards,
Richard |
|
| Back to top |
|
|
Chris Berry
*nix forums addict
Joined: 08 Jan 2005
Posts: 81
|
| Posted: Fri Apr 21, 2006 11:21 pm Post subject:
Re: Challenge Spam Filter
|
|
|
I like and use TMDA, but please, don't use TMDA as your ONLY anti-spam
tool, that just creates lots of annoyance for others. You want to set
up a system that sends out as few challenges as possible.
Chris Berry
chris_berry@jm-associates.com
Information Advisory Manager
JM Associates
“If you have a strong enough why you can bear almost any how.” --Nietzsche
Richard Feldmann wrote:
|
|
| Back to top |
|
|
Zembower, Kevin
*nix forums beginner
Joined: 27 Apr 2006
Posts: 8
|
| Posted: Thu Apr 27, 2006 5:43 pm Post subject:
RE: Is this normal: 'from <#@[]>'?
|
|
|
Charles, thanks for your suggestion. You didn't mention that you
yourself rewrote the patch. Thank you. For the archives, the patch is at
http://www.qmail.org/doublebounce-trim.patch.
Unfortunately, I'm trying to stay within the Debian package system, and
don't want to recompile qmail and reinstall. I'm thinking of just
creating a user to send doublebounces to, and forwarding them to
/dev/null.
Thanks, again, for your suggestion and help.
-Kevin
ginal Message-----
From: Charles Cazabon [mailto:qmail@discworld.dyndns.org]
Sent: Thursday, April 27, 2006 1:13 PM
To: qmail@list.cr.yp.to
Subject: Re: Is this normal: 'from <#@[]>'?
Zembower, Kevin <kzembowe@jhuccp.org> wrote:
| Quote: | Apr 26 09:38:51 main qmail: 1146058731.904736 info msg 178842: bytes
2123 from <#@[]> qp 16025 uid 72
|
That's normal. It's a double-bounce.
That's a problem. Double-bounces should be handled locally; they should
never
be transmitted via SMTP.
You may want to modify your system to drop double-bounces; see qmail.org
for
how.
Charles
--
------------------------------------------------------------------------
--
Charles Cazabon
<qmail@discworld.dyndns.org>
Read
http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for
details.
------------------------------------------------------------------------
-- |
|
| Back to top |
|
|
Joshua Megerman
*nix forums beginner
Joined: 29 Mar 2006
Posts: 9
|
| Posted: Thu Apr 27, 2006 5:43 pm Post subject:
Re: Is this normal: 'from <#@[]>'?
|
|
|
| Quote: | Zembower, Kevin <kzembowe@jhuccp.org> wrote:
Apr 26 09:38:51 main qmail: 1146058731.904736 info msg 178842: bytes
2123 from <#@[]> qp 16025 uid 72
That's normal. It's a double-bounce.
OK, that's what I suspected - I'm seeing the same thing myself. |
| Quote: | At this point, the 'from:' changes to "from <#@[]>"
which is forwarded correctly from postmaster@www.jhuccp.org, to
root@www.jhuccp.org to isgalert@jhuccp.org (which is a correctly
functioning inbox on another system).
That's a problem. Double-bounces should be handled locally; they should
never
be transmitted via SMTP.
What about the case where the postmaster address is forwarded to a remote |
mailbox?
| Quote: | You may want to modify your system to drop double-bounces; see qmail.org
for how.
In my case, I need to see the double-bounces. I run an internal mail |
relay server using qmail that is the mail relay point for all of our
internal unix systems. Occasionally, people typo an address in a form, or
in a script, which double-bounces because the initial machine is setup in
a send-only configuration but the from: address comes from that system, so
the bounce bounces. Getting these double-bounces helps me diagnose when
and where there's a problem, particularly when it's from a script.
Any suggestions for how to make this work? Do I need to set up a filter
that forwards the mail with a different sender perhaps?
Thanks,
Josh
--
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
qmail@honorablemenschen.com |
|
| Back to top |
|
|
Jeremy Kitchen
*nix forums Guru Wannabe
Joined: 14 Jan 2005
Posts: 212
|
| Posted: Thu Apr 27, 2006 7:19 pm Post subject:
Re: Is this normal: 'from <#@[]>'?
|
|
|
On Thursday 27 April 2006 10:43, you wrote:
| Quote: | That's a problem. Double-bounces should be handled locally; they should
never
be transmitted via SMTP.
What about the case where the postmaster address is forwarded to a remote
mailbox?
|
don't send doublebounces to postmaster, then.
see the qmail-send manpage for the doublebounceto and doublebouncehost control
files.
| Quote: | You may want to modify your system to drop double-bounces; see qmail.org
for how.
In my case, I need to see the double-bounces.
|
first question: why?
| Quote: | I run an internal mail
relay server using qmail that is the mail relay point for all of our
internal unix systems. Occasionally, people typo an address in a form, or
in a script, which double-bounces because the initial machine is setup in
a send-only configuration but the from: address comes from that system, so
the bounce bounces. Getting these double-bounces helps me diagnose when
and where there's a problem, particularly when it's from a script.
Any suggestions for how to make this work? Do I need to set up a filter
that forwards the mail with a different sender perhaps?
|
no, because what happens if that message doublebounces? the double bounce
gets rewritten again, forwarded, and double bounces again. This is why
double bounces /MUST/ be delivered locally.
You could use something like getmail to retrieve the messages from the relay
server to your normal email account, or simply set up a pop3 server on the
relay server and check the account periodically.
-Jeremy
--
Jeremy Kitchen ++ kitchen@scriptkitchen.com
http://ipaction.org/ -- defend your rights to fair use |
|
| Back to top |
|
|
Joshua Megerman
*nix forums beginner
Joined: 29 Mar 2006
Posts: 9
|
| Posted: Thu Apr 27, 2006 7:27 pm Post subject:
Re: Is this normal: 'from <#@[]>'?
|
|
|
| Quote: | On Thursday 27 April 2006 10:43, you wrote:
That's a problem. Double-bounces should be handled locally; they
should
never
be transmitted via SMTP.
What about the case where the postmaster address is forwarded to a
remote
mailbox?
don't send doublebounces to postmaster, then.
see the qmail-send manpage for the doublebounceto and doublebouncehost
control
files.
doublebounceto@doublebouncehost it is - I had forgotten about those 2 |
control files. Thanks for reminding me.
Josh
--
Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
- Layman's translation of the Laws of Thermodynamics
qmail@honorablemenschen.com |
|
| Back to top |
|
|
Michael Di Martino
*nix forums addict
Joined: 09 Jan 2005
Posts: 69
|
| Posted: Thu May 04, 2006 5:50 pm Post subject:
Re: off topic
|
|
|
A few messages ago a list member asked polity to take this off-topic
discussion off the list, and he was correct in asking. The topic is old
and it has nothing to do w/ qmail
And in Mr. Berry's defense I am sure he is not an idiot and name calling
is completely uncalled for and rather juvenile.
Please heed the request! |
|
| Back to top |
|
|
Leonard Budney
*nix forums Guru Wannabe
Joined: 17 Feb 2005
Posts: 128
|
| Posted: Thu May 04, 2006 6:19 pm Post subject:
Re: off topic
|
|
|
Michael Di Martino wrote:
| Quote: |
And in Mr. Berry's defense I am sure he is not an idiot and name calling
is completely uncalled for and rather juvenile.
|
You're entitled to your opinion, as others are to theirs. The point is
that repeatedly flouting the etiquette of the list will cause people to
killfile or ignore him, and his questions won't be answered. Simple as that.
| Quote: | Please heed the request!
|
The statement sounds like a command. Who the heck are you?
--Len. |
|
| Back to top |
|
|
Blair Lowe
*nix forums beginner
Joined: 28 Dec 2005
Posts: 28
|
| Posted: Mon May 08, 2006 10:42 pm Post subject:
blocking higher precedence MX servers from spammers
|
|
|
Hi,
I was looking for a way to block spammers from using higher procedence
level MX records.
A colleague suggested that some sort of firewall solution might work
with logic such as "if next lower primary MX up, ignore all incoming
mail for this server except from that lower precedence server".
Perhaps this is something that qmail itself could do, and perhaps there
is already a patch (I could not find one). Anyone want to comment on
whether they think that this is a job that qmail should be doing, and
whether there is a patch out there already?
Higher level mx precedence (eg. 20 30 40 ) grey listing may also a good
way to reduce spam, but if your lowest precedence (eg. 10) is a anti-
spam appliance, then your main mail server is a higher precedence (eg.
20), and you may not want grey listing on that server.
BTW, I do believe that a backup mail server is necessary in case of a
complete geographic loss of a location. For example, my mail servers in
NYC got hit by an airplane, so my backup servers in Oklahoma are now
queueing mail for the next week until I get a new primary server set up.
Thanks in advance,
Blair. |
|
| Back to top |
|
|
Charles Cazabon
*nix forums Guru
Joined: 08 Jan 2005
Posts: 805
|
| Posted: Tue May 09, 2006 12:23 am Post subject:
Re: blocking higher precedence MX servers from spammers
|
|
|
Blair Lowe <qmail@domainsunder.ca> wrote:
| Quote: |
I was looking for a way to block spammers from using higher procedence
level MX records.
|
The best way is to eliminate your backup MXes. DNS and SMTP tells the client
the difference between "no such domain" and "not accepting connections at the
moment"; clients will back off and try again.
Others choose to deploy dummy backup MXes that simply reject all mail, on the
grounds that only the spammers will try connecting to those machines. I
personally think that's a little riskier, unless they're physically hosted in
the same network and so suffer from identical connectivity.
What purpose do you think your backup MXes are serving?
Charles
--
--------------------------------------------------------------------------
Charles Cazabon <qmail@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
-------------------------------------------------------------------------- |
|
| Back to top |
|
|
Peter Kleiner
*nix forums beginner
Joined: 14 Mar 2005
Posts: 14
|
| Posted: Tue May 09, 2006 1:35 am Post subject:
Re: blocking higher precedence MX servers from spammers
|
|
|
Charles Cazabon wrote:
| Quote: | Blair Lowe <qmail@domainsunder.ca> wrote:
I was looking for a way to block spammers from using higher procedence
level MX records.
Others choose to deploy dummy backup MXes that simply reject all mail,
on the
grounds that only the spammers will try connecting to those machines.
This is something I've done, thanks to some guidance from Markus Stumpf. |
Since April 7, it has blocked 2,229 *connections* for only one of my
low-traffic domains.
| Quote: | I
personally think that's a little riskier, unless they're physically
hosted in
the same network and so suffer from identical connectivity.
I agree, and have done so. |
Setting this up was trivial. Install qmail as guided by LWQ. Have your
tcp.smtp file look as such:
127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/tmperrqueue"
Then create a /var/qmail/bin/tmperrqueue like:
#!/bin/sh
cat > /dev/null
exit 71
Make it executable, add your domains to rcpthosts and locals, set up
your MX records, and you're set!
PK |
|
| Back to top |
|
|
Blair Lowe
*nix forums beginner
Joined: 28 Dec 2005
Posts: 28
|
| Posted: Tue May 09, 2006 4:37 pm Post subject:
Re: blocking higher precedence MX servers from spammers
|
|
|
On Mon, 2006-08-05 at 21:35 -0400, Peter Kleiner wrote:
| Quote: | Charles Cazabon wrote:
Blair Lowe <qmail@domainsunder.ca> wrote:
I was looking for a way to block spammers from using higher procedence
level MX records.
Others choose to deploy dummy backup MXes that simply reject all mail,
on the
grounds that only the spammers will try connecting to those machines.
This is something I've done, thanks to some guidance from Markus Stumpf.
Since April 7, it has blocked 2,229 *connections* for only one of my
low-traffic domains.
I
personally think that's a little riskier, unless they're physically
hosted in
the same network and so suffer from identical connectivity.
I agree, and have done so.
Setting this up was trivial. Install qmail as guided by LWQ. Have your
tcp.smtp file look as such:
127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/tmperrqueue"
Then create a /var/qmail/bin/tmperrqueue like:
#!/bin/sh
cat > /dev/null
exit 71
Make it executable, add your domains to rcpthosts and locals, set up
your MX records, and you're set!
PK
|
Very cool!
A great spam trap, but I need mail backup.
Unfortunately, the anti-spam appliance is highest priority, and the
secondary is the real mail server, so we need to actually get mail on
the secondary server while the primary sorts through the junk.
Maybe I could Have the tcp.smtp file allow the lower priority MX's, but
in the case of a failure, we want to accept all mail, so there is the
rub (back to the firewall daemon solution I suppose).
One could also have a daemon or cron job check for the higher priority
servers being up, and then automatically change the tcp.rules
accordingly: kind of clunky, but simple.
TTYL,
Blair. |
|
| Back to top |
|
|
John R Levine
*nix forums beginner
Joined: 08 Mar 2005
Posts: 39
|
| Posted: Tue May 09, 2006 5:03 pm Post subject:
Re: blocking higher precedence MX servers from spammers
|
|
|
| Quote: | Unfortunately, the anti-spam appliance is highest priority, and the
secondary is the real mail server, so we need to actually get mail on
the secondary server while the primary sorts through the junk.
|
If I were you, I would not make the real mail server an MX at all,
but instead configure the appliance manually to know where to
send the filtered mail.
By the way, for a spam trap server, I much prefer to use rblsmtpd:
#!/bin/sh
RBLSMTPD="Mail service not available."
export RBLSMTPD
# block everything
exec tcpserver -u120 -g105 -v -p -c60 -R 10.1.1.1 smtp \
/usr/local/bin/rblsmtpd -r'localhost' \
/usr/local/bin/fixcrio \
/bin/echo "500 Internal error. You shouldn't see this" 2>&1
This rejects everything with 451 so if a real mail server stumbles on
it by mistake, it'll retry the real mail server later. If you want it
to do a 553 instead, put a hyphen at the front of the RBLSMTPD string.
R's,
John |
|
| Back to top |
|
|
Chris Garrigues
*nix forums beginner
Joined: 09 Jun 2005
Posts: 5
|
| Posted: Tue May 09, 2006 5:23 pm Post subject:
Re: blocking higher precedence MX servers from spammers
|
|
|
| Quote: | From: John Levine <johnl@iecc.com
Date: 9 May 2006 17:03:02 -0000
Unfortunately, the anti-spam appliance is highest priority, and the
secondary is the real mail server, so we need to actually get mail on
the secondary server while the primary sorts through the junk.
If I were you, I would not make the real mail server an MX at all,
but instead configure the appliance manually to know where to
send the filtered mail.
|
My real mail server is behind a firewall and I have two different firewalls
listed with MXes. I used to have my web server listed with a very high MX and
it returned 451 for everything, but I disabled that after discovering (through
user complaints) that there are some real mail servers who tried to send
everything there. Can you believe it?
Chris
--
Chris Garrigues Trinsic Solutions
President 710-B West 14th Street
Austin, TX 78701-1755
512-322-0180 http://www.trinsics.com
Would you rather proactively pay for
uptime or reactively pay for downtime?
Trinsic Solutions
Your Proactive IT Management Partner |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Tue Dec 02, 2008 6:11 am | All times are GMT
|
|
Secured Loans | Credit Cards | Hipster Blog | Mortgage | Credit Counseling
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Qmail
