Discussion:
qmail-inject/sendmail wrapper header problem
Henrik Muehe
2002-02-07 18:16:26 UTC
Hello.

I've written a perl script which is using sendmail (actually the qmail
wrapper for sendmail => qmail-inject) to send an email. The program is
used within a .qmail file and *should* answer to mails and add them to a
database etc.

My problem is, that qmail doesn't look at the "From: ..." header and that
it doesn't send the mail anymore when using "sendmail -f". I guess that
this is because the vpopmail user isn't allowed to change "From:" header.
My question is, how can I get around this problem.

Thanks for your help,
Henrik
Johan Almqvist
2002-02-07 16:35:30 UTC
Post by Henrik Muehe
I've written a perl script which is using sendmail (actually the qmail
wrapper for sendmail => qmail-inject) to send an email. The program is
used within a .qmail file and *should* answer to mails and add them to a
database etc.
My problem is, that qmail doesn't look at the "From: ..." header and that
it doesn't send the mail anymore when using "sendmail -f". I guess that
this is because the vpopmail user isn't allowed to change "From:" header.
My question is, how can I get around this problem.
Show us relevant parts of the script and the qmail logs.

-Johan
--
Johan Almqvist
http://www.almqvist.net/johan/qmail/
Markus Stumpf
2002-02-09 02:09:54 UTC
readproctitle service errors: ........../run[10]: [: missing ]\n./run[10]: [: missing ]\n./run[10]: [: missing ]\n./run[10]: [: missing ]\n
either missing some brackets, colons, or \n's. But where? I
basically typed this directly in from The qmail Handbook, and
double/triple checked for syntactical errors.
Can't see any obvious (at least for me at that time of the day ;-)
errors. You may check, that there are no trailing spaces after the
lines ending with "\".

Also you can try to
sh -c ./run
the various run scripts from the commandline to hunt the erroneous one down.
Also one last bit of evidence. All of my log entries under
This is ok.
The msg number is the number of the inode qmail uses to store the
message in. It is simply reused by the system.

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
Dave Sill
2002-02-11 14:59:47 UTC
readproctitle service errors: ........../run[10]: [: missing ]\n./run[10]: [: missing ]\n./run[10]: [: missing ]\n./run[10]: [: missing ]\n
either missing some brackets, colons, or \n's. But where? I
basically typed this directly in from The qmail Handbook, and
double/triple checked for syntactical errors.
Why not download them from the Apress Web site?

http://www.apress.com/books/sourceCode/1893115402.zip

-Dave
Steven Boothe
2002-02-11 20:18:42 UTC
Post by Markus Stumpf
readproctitle service errors: ........../run[10]: [: missing
missing ]\n
either missing some brackets, colons, or \n's. But where?
...
Can't see any obvious (at least for me at that time of the day ;-)
errors. You may check, that there are no trailing spaces after the
lines ending with "\".
Also you can try to
sh -c ./run
the various run scripts from the commandline to hunt the erroneous one down.
Hmmm curiously "sh -c ./run" displays the following errors:

[***@lososos qmail-smtpd]# sh -c ./run
tcpserver: fatal: unable to bind: address already used
[***@lososos qmail-smtpd]# sh -c ./log/run
multilog: fatal: unable to lock directory /var/log/qmail/smtpd:
temporary failure

Is this due to trying this while qmail is still running?

Also, I have found that using either qmailctl or svc to stop
qmail-smtpd/send does not really give me the result of being able to
see whether I have fixed the problem(s) or not.

In short, if I am running OpenBSD, does that mean I have to reboot each
time I want to test whether I have fixed the errors reported by
readproctitle?

Once again, much thanks and appreciation to all who have bothered to
read and respond.

Steven Boothe
--
UUPlus - Making E-mail Reliable over Satellite Phones
http://www.uuplus.com
tim tom
2002-02-09 05:15:32 UTC
is it ok if i just run qmqpd only without smtpd. do i
need both?

rgds.


Charles Cazabon
2002-02-09 15:39:40 UTC
Post by tim tom
is it ok if i just run qmqpd only without smtpd. do i
need both?
If you want to accept mail from the rest of the internet, you need
qmail-smtpd. qmail-qmqpd should only be used to allow internal, trusted hosts
to queue mail; there's no relay control built in.

qmail-qmtpd, on the other hand, can be opened to the outside world -- but only
people running qmail with the qmtpc patch will ever try to send mail by QMTP.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
tim tom
2002-02-09 10:57:07 UTC
can someone show me a sample qmqpd run file and the
log run file please.

--
tim

Mark Delany
2002-02-11 23:57:08 UTC
If Kmail is injecting the mail via SMTP, then KMail should be
generating the message-id, not qmail. Message-IDs are header content
created by clients.

idhost only applies to mail injected locally via qmail-inject. Inbound
SMTP does not go via qmail-inject.


Regards.
I have read the man page and consulted The qmail Handbook regarding
qmail-inject and Message-ID's, and have even added an 'idhost' file to
the 'control' directory. However I am still unable to forward UCE to
abuse.net via our qmail system. Can someone please offer a suggestion
as to why my forwarded mail has its Message-ID suppressed?
Thanks so much as usual,
Steven
--- Below this line is a copy of the message.
Received: (qmail 10670 invoked from network); 11 Feb 2002 12:38:41 -0500
Received: from plusemail.com (HELO lososos.plusemail.com) (64.4.141.247)
by mail2.iecc.com with SMTP; 11 Feb 2002 12:38:41 -0500
Received: (qmail 21974 invoked from network); 11 Feb 2002 17:45:52 -0000
Received: from unknown (HELO there) (192.168.0.234)
by 192.168.0.2 with SMTP; 11 Feb 2002 17:45:52 -0000
Content-Type: text/plain;
charset="iso-8859-15"
Subject: Fwd: Do you want to make extra money?
Date: Mon, 11 Feb 2002 09:38:42 -0800
X-Mailer: KMail [version 1.3.1]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Steven Boothe
2002-02-12 01:25:24 UTC
Post by Mark Delany
If Kmail is injecting the mail via SMTP, then KMail should be
generating the message-id, not qmail. Message-IDs are header content
created by clients.
idhost only applies to mail injected locally via qmail-inject. Inbound
SMTP does not go via qmail-inject.
Regards.
Thank you Mark.

This was however a rather curious response for me though. I have not
yet encountered this problem while using sendmail or postfix to send my
outgoing SMTP from Kmail. This may possibly reflect poorly on the way
in which these MTA's handle things, I don't know.

Either way though, I was able to track down a setting under Kmail's
settings where I could (of all things!) set my own custom Message-ID
domain. Crazy, but hey it works now. :)

Thanks again, and hope the rest of your day/eve goes well,

Steven
Franz Sirl
2002-02-12 14:46:17 UTC
I have read the man page and consulted The qmail Handbook regarding
qmail-inject and Message-ID's, and have even added an 'idhost' file to
the 'control' directory. However I am still unable to forward UCE to
abuse.net via our qmail system. Can someone please offer a suggestion
as to why my forwarded mail has its Message-ID suppressed?
Activate kmail Message-ID's under Settings/Mimeheaders, that should do it.

Franz.
Chris Johnson
2002-02-20 21:27:08 UTC
Hi, I've been watching this list for a while, and there are many posts about
how to prevent you from receiving spam, I've got a different problem. I have
a qmail + vpopmail + qmailqueue server that we use for our customer's email.
It currently has around 8000 domains on it, and I've got a few people who are
popping their email, which lets them relay from that ip for an hour, and
during that hour are spamming like hell.
Do they really need a whole hour to relay? Is the time configurable?

You might try implementing tarpitting: http://www.palomine.net/qmail/tarpit.html

Chris
Mark Delany
2002-02-20 22:30:35 UTC
Post by Chris Johnson
Hi, I've been watching this list for a while, and there are many posts about
how to prevent you from receiving spam, I've got a different problem. I have
a qmail + vpopmail + qmailqueue server that we use for our customer's email.
It currently has around 8000 domains on it, and I've got a few people who are
popping their email, which lets them relay from that ip for an hour, and
during that hour are spamming like hell.
Do they really need a whole hour to relay? Is the time configurable?
And, is he talking about the original user spamming? If so, why not
kick off the user?

If he's talking about the problem of spammers sniffing for open
SMTP-after-POP connections then he has a problem as people are more
commonly doing this. The only real solution then is SMTP AUTH.


Regards.
Chris Johnson
2002-02-20 22:55:40 UTC
Post by Mark Delany
If he's talking about the problem of spammers sniffing for open
SMTP-after-POP connections then he has a problem as people are more commonly
doing this.
Whoa! Really? You mean people connect to the Internet on recently disconnected
dial-up nodes and then scan SMTP servers world-wide to see if there might
somewhere be an available SMTP-after-POP connection with time left on it for
that particular IP address? What are the odds of that being successful? Why
not just look for one of the bazillion completely open relays? Or am I missing
some way of short-cutting the process?

I'm pretty sure he meant that his own users were abusing his relay, and that he
wanted an easy way to figure out which ones. That wouldn't be that easy to do,
unless he got qmail-pop3d to log the user name and IP.

Chris
Mark Delany
2002-02-20 23:14:48 UTC
Post by Chris Johnson
Post by Mark Delany
If he's talking about the problem of spammers sniffing for open
SMTP-after-POP connections then he has a problem as people are more commonly
doing this.
Whoa! Really? You mean people connect to the Internet on recently disconnected
dial-up nodes and then scan SMTP servers world-wide to see if there might
somewhere be an available SMTP-after-POP connection with time left on it for
that particular IP address? What are the odds of that being successful? Why
not just look for one of the bazillion completely open relays? Or am I missing
some way of short-cutting the process?
Yes. You use the pool of smtp servers that share the pool of dialup
addresses. Especially useful as many smaller ISPs outsourced their
dialups to large dialup players like uu.net (and even larger ISPs
outsource for that matter). When you think about it, most people are
going to POP their mail when they dial in, so pretty much every dialup
address that is outsourced has SMTP-after-POP access to some
associated SMTP server.

I'm not saying it's very prevalent, but no doubt some spamrammer has
written and sold a program to do just that.
Post by Chris Johnson
I'm pretty sure he meant that his own users were abusing his relay, and that he
wanted an easy way to figure out which ones. That wouldn't be that easy to do,
unless he got qmail-pop3d to log the user name and IP.
You mean he can't correlate the IP address of the inbound email
connection (as logged by qmail-smtpd/tcpserver) with the assignment of
the dialup IP address given at login? (Essentially the same problem as
the one above, ie doable if you have all the logs).

In any event, SMTP AUTH still fixes both problems.


Regards.
m***@csi.hu
2002-02-21 01:33:04 UTC
Post by Mark Delany
Yes. You use the pool of smtp servers that share the pool of dialup
addresses.
I am not getting this: do not you have to be able to log in at a valid
pop account to be able to do smtp after pop? So a spammer first has
to get a users pop username and passwd. Why would a spammer try to do
this instead of easier ways (even finding and spamming ezmlm lists
with nonconfirming sub policy seems more beneficial)?


Mate
Chris Johnson
2002-02-21 01:47:52 UTC
Post by m***@csi.hu
Post by Mark Delany
Yes. You use the pool of smtp servers that share the pool of dialup
addresses.
I am not getting this: do not you have to be able to log in at a valid
pop account to be able to do smtp after pop? So a spammer first has
to get a users pop username and passwd.
No--if Joe Authorized POP-before-SMTP User at dialup IP address 1.2.3.4 pops
his mail and then hangs up the phone, then the next person who dials in and
happens to get the IP address 1.2.3.4 can relay through the previous user's
SMTP server for a short period of time. I still think it's very far-fetched to
think that a spammer would happen to get this IP address and then would locate
the correct SMTP server in time to do any damage. We all talk about
SMTP-after-POP on this mailing list, but I don't think it's very widely
implemented, certainly not so widely implemented that a spammer could rely on
finding a particular open relay on a particular recently disconnected dialup IP
address.
Post by m***@csi.hu
Why would a spammer try to do this instead of easier ways (even finding and
spamming ezmlm lists with nonconfirming sub policy seems more beneficial)?
I don't think he would. There are tons of easy-to-find open relays out there
just waiting to distribute spam. Of course, many of them are RBLed, but he'd
still be able to get a big chunk of mail through.

Chris
Charles Cazabon
2002-02-21 01:47:20 UTC
Post by Mark Delany
Yes. You use the pool of smtp servers that share the pool of dialup
addresses. Especially useful as many smaller ISPs outsourced their
dialups to large dialup players like uu.net (and even larger ISPs
outsource for that matter). When you think about it, most people are
going to POP their mail when they dial in, so pretty much every dialup
address that is outsourced has SMTP-after-POP access to some
associated SMTP server.
Not in my experience. With Outlook and some other very popular POP3 clients
defaulting to send-before-receive, this wouldn't work. They can be set to
check for mail before sending, but ISPs don't need the support hassle of
telling people how to reconfigure their clients.
Post by Mark Delany
I'm not saying it's very prevalent, but no doubt some spamrammer has
written and sold a program to do just that.
As someone else pointed out, it'd be much more effective for them to just scan
for open relays.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
Henning Brauer
2002-02-21 10:22:00 UTC
Post by Charles Cazabon
Post by Mark Delany
Yes. You use the pool of smtp servers that share the pool of dialup
addresses. Especially useful as many smaller ISPs outsourced their
dialups to large dialup players like uu.net (and even larger ISPs
outsource for that matter). When you think about it, most people are
going to POP their mail when they dial in, so pretty much every dialup
address that is outsourced has SMTP-after-POP access to some
associated SMTP server.
Not in my experience. With Outlook and some other very popular POP3 clients
defaulting to send-before-receive, this wouldn't work. They can be set to
check for mail before sending, but ISPs don't need the support hassle of
telling people how to reconfigure their clients.
Well, the point is: you have no choice. Don't try your customers to use
their dialin ISPs relays, 1) they don't understand that, 2) there is
T-Offline here forcing the envelope sender (and maybe the From:, too -
dunno) to be @t-online.de. I heard there's a way 'round it, but don't expect
your customers to understand this.
Next option: SMTP AUTH. Great, we support it. Over SSL this is a pretty
decent solution. Does the majority of customers understand this? No.
So back to SMTP-after-POP. This works pretty well. Most customers check for
new mail before they write mails themselves anyway, so they don't notice
that. Put a nice FAQ entry on SMTP-after-POP on your support site and link
that from the welcome message every user gets. Support hassle on
SMTP-after-POP: near zero.

Granting relay access for a whole hour is much too much IMHO, though. We grant
15..30 minutes.
--
| Henning Brauer | PGP-Key: http://misc.bsws.de/hb/pubkey.asc
| BS Web Services | Roedingsmarkt 14, 20459 Hamburg, DE | http://bsws.de
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
Adrian Ho
2002-03-01 09:55:02 UTC
I have issues with qmail-smtpd appending quotation marks when using
RELAYCLIENT...
Eh? Show us the contents of your tcp.smtp (or wherever you're setting
RELAYCLIENT for qmail-smtpd to use).
Does anyone else have any similar issues?
No, and nothing like your patch has ever been necessary, IIRC.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Adrian Ho
2002-03-02 03:30:27 UTC
[Please respect my Mail-Followup-To setting and reply to the list
instead of directly to me.]
I am using xinetd,
Not recommended around these parts, but we'll skip that for a moment...
/etc/xinetd.d/smtp-local
service smtp-local
{
bind = tlw.home
port = 25
flags = REUSE NAMEINARGS
env = RELAYCLIENT=""
Two problems here:

[1] The xinetd.conf man page says, in part:

env The value of this attribute is a list of
strings of the form 'name=value'.

Given the lack of quote characters around <value> in the above, I'd
bet xinetd is taking your double quotes as the literal value of
RELAYCLIENT. The "correct" setting might be RELAYCLIENT= (ie.
nothing after the equals sign). I say "correct", because...

[2] You are officially an open relay, since you set RELAYCLIENT for
/every/ incoming connection, instead of on a selective basis
(another reason why tcpserver is a better choice than xinetd for
fronting qmail-smtpd). If your server is publicly visible, you may
already be on one or more RBLs.

I recommend you read and follow the installation instructions in LWQ
<http://www.lifewithqmail.org/> instead. Or pick up a copy of "The
qmail handbook", a more comprehensive treatment of LWQ written by the
same author.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
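
The second point in the post above, as an added example (not part of the original thread, and not qmail or ucspi-tcp code): a Python audit of a tcprules source file such as tcp.smtp that reports whether RELAYCLIENT is set for every connection or only for selected addresses. The sample rules, the addresses and the function names are constructed for illustration; only exact-IP, dotted-prefix and default rules are resolved.

```python
"""Audit a tcprules source file (such as tcp.smtp) for blanket RELAYCLIENT grants.

Added illustration. Only exact-IP rules, dotted-prefix rules ("192.168.0.") and
the default rule (empty address) are resolved; range, hostname and user@ rules
are listed as unresolved.
"""
import re

IP_OR_PREFIX = re.compile(r"(\d{1,3}\.){1,3}|\d{1,3}(\.\d{1,3}){3}")

def parse_rule(line):
    """Parse 'address:allow,VAR="value",...' or 'address:deny'.

    Returns (address, action, env), or None for blank and comment lines. The
    character after '=' is the value's delimiter, so values may contain commas.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    address, sep, rest = line.partition(":")
    for action in ("allow", "deny"):
        if sep and rest.startswith(action):
            rest = rest[len(action):]
            break
    else:
        raise ValueError("not a tcprules line: %r" % line)
    env = {}
    while rest:
        name, _, tail = rest[1:].partition("=")
        if rest[0] != "," or not name or not tail:
            raise ValueError("bad instruction in: %r" % line)
        end = tail.find(tail[0], 1)
        if end < 0:
            raise ValueError("unterminated value in: %r" % line)
        env[name] = tail[1:end]
        rest = tail[end + 1:]
    return address, action, env

def load(text):
    """Return (rules, unresolved). Keeping the first rule seen for a repeated
    address is an assumption of this sketch."""
    rules, unresolved = {}, []
    for line in text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        address, action, env = parsed
        if address == "" or IP_OR_PREFIX.fullmatch(address):
            rules.setdefault(address, (action, env))
        else:
            unresolved.append(address)
    return rules, unresolved

def relay_granted(text, ip):
    """True if a connection from ip would get RELAYCLIENT set by these rules."""
    rules, _ = load(text)
    octets = ip.split(".")
    # Most specific first: the full IP, shorter dotted prefixes, then the default.
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            action, env = rules[key]
            return action == "allow" and "RELAYCLIENT" in env
    return False  # no rule matched: connection accepted, no variables set

def audit(text):
    """Summarise who is granted relaying and whether that is everyone."""
    rules, unresolved = load(text)
    grants = {a: env["RELAYCLIENT"] for a, (act, env) in rules.items()
              if act == "allow" and "RELAYCLIENT" in env}
    return {
        "open_relay": "" in grants,  # the default rule sets RELAYCLIENT
        "relay_sources": sorted(grants),
        # qmail-smtpd appends the variable's value to each recipient address,
        # so a value that is neither empty nor "@host"-like deserves a look.
        "odd_values": {a: v for a, v in grants.items()
                       if v and not v.startswith("@")},
        "unresolved": unresolved,
    }

# Constructed samples (documentation and private addresses only).
SELECTIVE = """\
# relay only for loopback and one internal network
127.:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
192.0.2.10:allow,RBLSMTPD="-Sorry, no mail accepted from this host"
=.example.net:deny
:allow
"""
BLANKET = """\
# RELAYCLIENT for every connection; the value is two literal quote characters
:allow,RELAYCLIENT='""'
"""

if __name__ == "__main__":
    for name, text in (("SELECTIVE", SELECTIVE), ("BLANKET", BLANKET)):
        print(name, audit(text))
```
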
Joshua M. Schmidlkofer
2002-03-02 03:48:20 UTC
Post by Adrian Ho
[Please respect my Mail-Followup-To setting and reply to the list
instead of directly to me.]
I am using xinetd,
env The value of this attribute is a list of
strings of the form 'name=value'.
Given the lack of quote characters around <value> in the above, I'd
bet xinetd is taking your double quotes as the literal value of
RELAYCLIENT. The "correct" setting might be RELAYCLIENT= (ie.
nothing after the equals sign). I say "correct", because...
Super I will give this a try
Post by Adrian Ho
[2] You are officially an open relay, since you set RELAYCLIENT for
/every/ incoming connection, instead of on a selective basis
(another reason why tcpserver is a better choice than xinetd for
fronting qmail-smtpd). If your server is publicly visible, you may
already be on one or more RBLs.
heh. I may not know everything, but believe me - I do know about relaying,
"smtp-local" is explicit w/ regard to what the iface is listening, and what
traffic is allowed to pass.

http://www.ordb.org/lookup/?host=mail.asylumwear.com
[the two I am listed on are automatic because of my ip range]
Post by Adrian Ho
I recommend you read and follow the installation instructions in LWQ
<http://www.lifewithqmail.org/> instead. Or pick up a copy of "The
qmail handbook", a more comprehensive treatment of LWQ written by the
same author.
OK.... [Actually, aside from the issue w/ envvars, everything else is ok.

js


tcpd is more work to set up than it's worth [for me], and a little
conformity goes a long way here... xinetd, or inetd admittedly aren't
recommendable, but for my purposes are preferable.

Thanks for the input, I will post again w/ news of my success/failure.

thanks,
joshua


p.s. Sorry about the direct reply.
Charles Cazabon
2002-03-08 18:51:53 UTC
I have set up qmail and its working better than expected. I only have one
Not with djb's checkpassword, you don't.
Using Redhat7.2
Vpop3d
What is "vpop3d"? Does it include a checkpassword replacement? If so, ask
its authors, as it's not part of qmail and not a qmail question.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
Charles Cazabon
2002-03-17 17:10:35 UTC
I would also propose an alternate idea that may work out even better.
Set up a qmail-newbie list.
It's been proposed many times. To work, you have to solve the problem of how
to get newbies to post to the qmail-newbie list instead of the main qmail
list. Nobody has yet proposed a workable solution to this problem.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
-----------------------------------------------------------------------
Michael Sierchio
2002-03-17 17:21:20 UTC
I agree with George Auch 100%.
I would also propose an alternate idea that may work out even better.
Set up a qmail-newbie list. That would allow everyone on this list who
can't deal with answering FAQs to avoid seeing them and it allows people
who post FAQs to get an answer to their question rather than getting
kicked in the teeth.
The best teaching principle is repetition -- and the best pedagogical technique
may be succinctly summarized as: tell them what you are going to say, say
what you are going to say, and then tell them what you said.

There are two strains of confusion present here -- the urge to "improve"
on djb's exposition by those who haven't invested sufficient effort at
understanding it, and those who are irritated that the same, technically
trivial question gets posed here again and again.
J***@gmx.net
2002-03-18 22:12:43 UTC
Hello!

As a complete newbie on this list and to avoid further traffic on what
is yet said I should rather keep quiet on the subject. but... :)

On Sun, Mar 17, 2002 at 09:21:20AM -0800, Michael Sierchio wrote:
...
Post by Michael Sierchio
Set up a qmail-newbie list. That would allow everyone on this list who
...
Splitting mailing lists hinders communication.
Post by Michael Sierchio
There are two strains of confusion present here -- the urge to "improve"
...
Post by Michael Sierchio
trivial question gets posed here again and again.
...
I agree completely.


A list *needs* newcomers to refresh itself and has to deal with
teaching them.

Here are my personal rules with respect to "dumb" questions.

1- If I have no time to respond, I do not bother and simply kill the letter.

2- If anybody yet has responded (or it is likely they will do) I do not
respond, maybe I keep the letter three days to see what happens.

3- If I have time and a *good* answer, I answer immediately.

a) *good* means, the question will likely not be asked again
by the same person.
b) If I can give just a reference to some manual which is
assured to be available by the asker and fulfills a) It is
"the right" *good* answer.

4- If I receive no answer to a question, I assume that it's a dumb
question and that 1-, 2- or 5- is happening to me.

rule 5- is unwritten and states, that a person who insists in asking
the same dumb question again will not anymore get a response from me.

Best Regards,

Jorge-León
Charles Cazabon
2002-03-19 19:07:25 UTC
I would like to have an email system that users can log into via ssh in order
to make their own .qmail and procmail files.
As I was thinking about it I realized that the password they would presumably
use for both would be the same. Is this the normal way to have it done?
Sometimes yes, sometimes no. I think the most frequent way to provide POP
access these days is to not give the users shell accounts at all; instead,
make them virtual users or users in a virtualdomain. qmail provides great
support for this, and vmailmgr makes it even easier.
In this case their shell account could be compromised via an unencrypted
email password .... what is the recommended way to have a system like this
setup? Perhaps forcing the users to use encrypted POP would work, but I'm
wondering if there is something I am missing.
You could give them separate passwords for mail and for shell access, or (my
preference) don't give them shell access at all. Provide a web interface that
allows them to make common/approved modifications to their .qmail file.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
-----------------------------------------------------------------------
Russell Nelson
2002-03-20 20:16:35 UTC
I would like to have an email system that users can log into via ssh in order
to make their own .qmail and procmail files.
As I was thinking about it I realized that the password they would presumably
use for both would be the same. Is this the normal way to have it done?
You could use APOP, but that can be troublesome for customers. You
could set up a web front end to edit their .qmail and procmail files.
Of course, you should verify the resultant files to make sure that
they contain no program deliveries. You could use checkpw instead of
checkpassword, and verify against a file stored in the user's home
directory. Different passwords gets ugly, though. I'd make them a
web front end, myself.
--
-russ nelson http://russnelson.com | If something is immoral
Crynwr sells support for free software | PGPok | when one person does it,
521 Pleasant Valley Rd. | +1 315 268 1925 voice | it is immoral when many
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | people vote to do it.
Adrian Ho
2002-04-13 06:04:23 UTC
unwanted mail from the host.
To be precise, badmailfrom's @host.domain.com syntax tells
qmail-smtpd to block mail whose envelope sender address is of the form
If that is true, why does it still get in?
Perhaps you confused "envelope sender address" with "From: header
contents".

For each message that you feel was erroneously permitted, check the
address in the first Return-Path: header; that's the envelope sender
address, and I'd bet it /isn't/ of the form ***@host.domain.com.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Adrian Ho
2002-04-13 14:15:32 UTC
Here is an example of spam and of which I have in .../badmailfrom
This is the envelope sender address, which is what qmail-smtpd will
match against the contents of control/badmailfrom.
[...]
is the sending server. or the server that connected to my server.
Nope. The reason the control file is called "badmailfrom" is because
the envelope sender address is the value specified in an SMTP MAIL FROM:
command. This may have no relation to the FQDN of the sending host, as
you can see from the spam example you posted.

Blocking mail from the host front2.mail.megapathdsl.net is better
accomplished at the connection level instead. If you're using rblsmtpd
along with qmail-smtpd (recommended), simply add:

66.80.60.30:allow,RBLSMTPD="-Sorry, I don't accept mail from a know spam host"

to tcp.smtp and run "qmailctl cdb". Also read LWQ section 3.7 for the
URL of Chris Hardie's qmail Anti-Spam HOWTO.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
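
The distinction drawn in the two posts above (envelope sender versus From: header), as an added example that is not part of the original thread and is not qmail code: a Python check that reads the first Return-Path: header of a delivered message and compares it with badmailfrom entries, reporting when only the From: header would have matched. The message, the example.net, example.com and example.org addresses, and the function names are constructed for illustration.

```python
"""Why a From: header never triggers control/badmailfrom.

Added illustration: it reproduces the comparison described in the thread
(envelope sender against badmailfrom) on a delivered message, whose first
Return-Path: header records the envelope sender.
"""
from email import message_from_string
from email.utils import parseaddr


def load_badmailfrom(text):
    """Entries are full addresses or '@host'; blank and '#' lines are skipped."""
    entries = (line.strip().lower() for line in text.splitlines())
    return {e for e in entries if e and not e.startswith("#")}


def match_entry(address, bad):
    """Return the badmailfrom entry that covers address, or None.

    '@host' covers every address at exactly that host, not its subdomains.
    The comparison ignores case.
    """
    address = address.lower()
    if address in bad:
        return address
    at = address.rfind("@")
    if at >= 0 and address[at:] in bad:
        return address[at:]
    return None


def check_message(raw_message, badmailfrom_text):
    """Compare both sender identities of one message with badmailfrom."""
    bad = load_badmailfrom(badmailfrom_text)
    msg = message_from_string(raw_message)
    # Only the first Return-Path: counts; later ones may be sender-supplied.
    return_paths = msg.get_all("Return-Path") or []
    envelope = parseaddr(return_paths[0])[1] if return_paths else ""
    header_from = parseaddr(msg.get("From", ""))[1]
    blocked_by = match_entry(envelope, bad)
    from_header_entry = match_entry(header_from, bad)
    return {
        "envelope_sender": envelope,
        "header_from": header_from,
        "blocked_by": blocked_by,                # what qmail-smtpd compares
        "from_header_entry": from_header_entry,  # informational only
        # True when the admin listed the From: host but the envelope differs.
        "explains_delivery": blocked_by is None and from_header_entry is not None,
    }


# Constructed samples.
BADMAILFROM = """\
@host.domain.com
spammer@example.org
"""
DELIVERED = """\
Return-Path: <promo-8812@bulk.example.net>
Delivered-To: user@example.com
Received: (qmail 4321 invoked from network); 13 Apr 2002 05:00:00 -0000
Return-Path: <forged@host.domain.com>
From: "Special Offers" <news@host.domain.com>
To: user@example.com
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for key, value in check_message(DELIVERED, BADMAILFROM).items():
        print("%-18s %r" % (key, value))
```
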
Karsten W. Rohrbach
2002-04-21 17:04:29 UTC
Hi all,
I start tcpserver like this from /etc/rc.d/rc.local
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 404 -g 404 -Hl 0 0 smtp
/usr/local/bin/recordio /var/qmail/bin/qmail-smtpd &
Everything works fine but all the smtp connections are logged to tty1.
What happens is all the smtp traffic gets logged on tty1.
this is a logical result of your way to invoke it.
The faq says that recordio is used in conjunction with syslog, but I use
multilog, is that the reason?
you are _not_ using it with multilog. that's the reason.
I use daemontools with qmail.
no you don't, when you start smtpd from /etc/rc.d/rc.local the way you
told us above.
Do, I need to provide any more info?
no, but read the daemontools documentation ;-)
http://www.lifewithqmail.org/lwq.html might have more information for
you...

regards,
/k
--
SIGSIG -- signature too long (core dumped)
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Payal
2002-04-22 12:25:13 UTC
Hello,
Post by Karsten W. Rohrbach
I start tcpserver like this from /etc/rc.d/rc.local
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 404 -g 404 -Hl 0 0 smtp
/usr/local/bin/recordio /var/qmail/bin/qmail-smtpd &
Everything works fine but all the smtp connections are logged to tty1.
What happens is all the smtp traffic gets logged on tty1.
this is a logical result of your way to invoke it.
No I don't get this???
Post by Karsten W. Rohrbach
you are _not_ using it with multilog. that's the reason.
Yes, I am, I have a directory /var/qmail/log in which a file exists called
current which gets updated when I send new mails, telling me whether the
remote host has accepted my mail or not.
Post by Karsten W. Rohrbach
I use daemontools with qmail.
no you don't, when you start smtpd from /etc/rc.d/rc.local the way you
told us above.
I monitor port 25 from /etc/rc.d/rc.local as described above.
This info. I got from qmail's faq [
cr.yp.to/qmail/faq/servers.html#tcpserver-smtpd ]
My /etc/inittab contains
SV:123456:respawn:/command/svscanboot
My /service directory contains
lrwxrwxrwx 1 root root 11 Mar 31 16:54 qmail -> /var/qmail//
Thanks and bye.
-Payal
Charles Cazabon
2002-04-22 16:42:21 UTC
Post by Payal
Post by Karsten W. Rohrbach
I start tcpserver like this from /etc/rc.d/rc.local
[...]
Post by Payal
Post by Karsten W. Rohrbach
you are _not_ using it with multilog. that's the reason.
Yes, I am,
No, you're not. You're logging qmail-send through multilog. qmail-smtpd, on
the other hand, you are not starting with svscan/supervise, and are not
logging with multilog.
Post by Payal
I have a directory /var/qmail/log in which a file exists called
current which gets updated when I send new mails, telling me whether the
remote host has accepted my mail or not.
That's the qmail-send log, not the qmail-smtpd log.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
-----------------------------------------------------------------------
Karsten W. Rohrbach
2002-04-22 22:46:16 UTC
Permalink
Post by Payal
Hello,
Post by Karsten W. Rohrbach
I start tcpserver like this from /etc/rc.d/rc.local
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 404 -g 404 -Hl 0 0 smtp
/usr/local/bin/recordio /var/qmail/bin/qmail-smtpd &
Everything works fine but all the smtp connections are logged to tty1.
What happens is all the smtp traffic gets logged on tty1.
this is a logical result of your way to invoke it.
No I don't get this???
***@WM:datasink[/service/smtpd]7# cat run
#!/bin/sh
PATH="/var/qmail/bin:/usr/local/bin:${PATH}"
exec 2>&1
exec softlimit -d4500000 tcpserver -v -PRH -lmail.webmonster.de \
-c30 -xacl.cdb -u82 -g81 0 smtp \
qmail-smtpd mail.webmonster.de

does that ring a bell?
<b><i><blink>
please read the docs!!!
</blink></i></b>

regards,
/k
--
"Where others have morals, she has a hole." --Erich Kaestner
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/
Please do not remove my address from To: and Cc: fields in mailing lists. 10x
Charles Cazabon
2002-04-24 14:10:09 UTC
Permalink
In my qmail-send log file I have the following error,
2002-04-24 10:13:38.946914500 warning: trouble opening remote/10/38420; will
try again later
Your queue is corrupted.
I had a single mail in queue, which I didn't want, so I used qmHandle -D to
delete it. Is it cos' of that? Is it cos' qmHandle 0.5.1 is buggy?
I don't know if it's buggy. Did you stop the qmail-send process before using
qmHandle to modify the queue? If not, try stopping and restarting qmail-send
now, and see if you still get that log message.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
-----------------------------------------------------------------------
Adrian Ho
2002-04-30 04:38:40 UTC
Permalink
Now I don't want to keep copy of the mails [ cos' it is taking a lot of space
], i just want to keep list of all message-ids. Is it possible and how?
Is your system actually saving a copy of every message right now (as
your description suggests)?
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'
then you should /not/ see every message being saved. If that really is
happening, it's probably being done somewhere else in your setup.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Payal
2002-04-30 13:27:33 UTC
Permalink
Hi,
Thanks for the mail.
Post by Adrian Ho
Is your system actually saving a copy of every message right now (as
your description suggests)?
yes, it is keeping a log of the messages.
The line in ~alias/.qmail-log is
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~alias/message-ids.log
The FAQ told me,
Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h.
Recompile qmail. Put ./msg-log into ~alias/.qmail-log.
But I didn't want copies of messages so I omitted ./msg-log
Still it is logging. Any other source it must be coming from?
extra.h contains,
#define QUEUE_EXTRA "Tlog\0"
#define QUEUE_EXTRALEN 5

What must be the issue?
-Payal
Post by Adrian Ho
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }'
then you should /not/ see every message being saved. If that really is
happening, it's probably being done somewhere else in your setup.
Adrian Ho
2002-04-30 13:41:28 UTC
Permalink
Post by Payal
The line in ~alias/.qmail-log is
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~alias/message-ids.log
Just to be sure, show us the output of "cat ~alias/.qmail-log".
Also check your logs to see which local address(es) each message is
being delivered to.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Payal
2002-04-30 14:38:34 UTC
Permalink
Hi,
# cat .qmail-log
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~alias/message-ids.log
This is a test message copy found in /home/log/Maildir/new

Return-Path: <***@localhost.localdomain>
Delivered-To: ***@localhost.localdomain
Received: (qmail 4320 invoked by uid 0); 30 Apr 2002 14:34:59 -0000
Date: 30 Apr 2002 14:34:59 -0000
Message-ID: <***@localhost.localdomain>
From: ***@localhost.localdomain
To: ***@localhost.localdomain
Subject: hello.

This is one of the logs I got,
2002-04-30 20:06:02.881434500 starting delivery 3: msg 39468 to local
***@localhost.localdomain
Thanks a lot and bye.
-Payal
Post by Adrian Ho
Post by Payal
The line in ~alias/.qmail-log is
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~alias/message-ids.log
Just to be sure, show us the output of "cat ~alias/.qmail-log".
Also check your logs to see which local address(es) each message is
being delivered to.
Adrian Ho
2002-04-30 15:06:58 UTC
Permalink
Post by Payal
Hi,
# cat .qmail-log
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~alias/message-ids.log
This is a test message copy found in /home/log/Maildir/new
There's your problem: Since you have a real user "log", that takes
precedence over the "log" alias you created. Either delete the user
"log", or put the above line in ~log/.qmail instead.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Payal
2002-05-01 04:57:49 UTC
Permalink
Hi,
I removed ~alias/.qmail-log file completely.
I made ~log/.qmail as,
./Maildir/
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~log/messagelog
When I just remove ./Maildir/ no mails are inserted in ~log/Maildir/new, is
this all I have to do? Is it ok?
Thanks and bye.
-Payal
Post by Adrian Ho
There's your problem: Since you have a real user "log", that takes
precedence over the "log" alias you created. Either delete the user
"log", or put the above line in ~log/.qmail instead.
Adrian Ho
2002-05-01 05:49:21 UTC
Permalink
Post by Payal
Hi,
I removed ~alias/.qmail-log file completely.
I made ~log/.qmail as,
./Maildir/
I thought you said you didn't want to keep copies of each message, so
why do you have a maildir delivery instruction in ~log/.qmail?
Post by Payal
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~log/messagelog
When I just remove ./Maildir/ no mails are inserted in ~log/Maildir/new, is
this all I have to do? Is it ok?
Yes. "./Maildir/" does exactly what you stated that you did /not/ want
to happen -- save a copy of each message delivered to "log".

Also "man dot-qmail" -- it sounds like you don't understand what each
line in .qmail does (or for that matter, how qmail decides which .qmail
to look at). Ignorance, in this case, is /not/ bliss.
--
Adrian Ho Tinker, Drifter, Fixer, Bum aho-djb-***@03s.net
ListArchive: <http://marc.theaimsgroup.com/?l=qmail>
Useful URLs: <http://cr.yp.to/qmail.html> <http://www.qmail.org>
<http://www.lifewithqmail.org/> <http://qmail.faqts.com/>
Payal
2002-05-01 15:27:30 UTC
Permalink
Hi,

Thanks for the mail. Well, I know about dot-qmail. The ./Maildir/ feature was
implemented from /etc/skel itself, but my reasoning was that if a mail didn't
arrive for the user log then it won't be going to Maildir itself. The qmail FAQ
says,
Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in extra.h.
Recompile qmail. Put ./msg-log into ~alias/.qmail-log.
I had not put ./msg-log [wonder what that meant] in .qmail-log, so I thought
that mails won't get there at all. Then what does this msg-log do?
Does it mean that simply setting QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN
to 5 in extra.h
keeps copies of the mails in logs Maildir?
Thanks and bye.
-Payal
Post by Adrian Ho
Post by Payal
Hi,
I removed ~alias/.qmail-log file completely.
I made ~log/.qmail as,
./Maildir/
I thought you said you didn't want to keep copies of each message, so
why do you have a maildir delivery instruction in ~log/.qmail?
Post by Payal
| awk '/^$/ { exit } /^[mM][eE][sS][sS][aA][gG][eE]-/ { print }' >>
~log/messagelog
When I just remove ./Maildir/ no mails are inserted in ~log/Maildir/new,
is this all I have to do? Is it ok?
Yes. "./Maildir/" does exactly what you stated that you did /not/ want
to happen -- save a copy of each message delivered to "log".
Also "man dot-qmail" -- it sounds like you don't understand what each
line in .qmail does (or for that matter, how qmail decides which .qmail
to look at). Ignorance, in this case, is /not/ bliss.
Charles Cazabon
2002-05-01 15:36:28 UTC
Permalink
The qmail FAQ says, Set QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN to 5 in
extra.h. Recompile qmail. Put ./msg-log into ~alias/.qmail-log.
The problem there is that that FAQ answer assumes you do _not_ have a local
user named "log". You do, so the above doesn't work without some changes.
Does it mean that simply setting QUEUE_EXTRA to "Tlog\0" and QUEUE_EXTRALEN
to 5 in extra.h keeps copies of the mails in logs Maildir?
No. It means it sends an extra copy of every message to <***@yourdomain>.
What you do with that is your business. You're the one that decided to file
them all in a Maildir.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
-----------------------------------------------------------------------
Charles Cazabon
2002-06-07 15:12:14 UTC
Permalink
I know that qmail has a control file called "databytes"
for outgoing and incoming messages,
No. It's only for messages received via SMTP.
now, I would like to know where to set max incoming and outgoing messages
with different sizes (e.g. max incoming 10mb and max outgoing 20mb).
If it's received via SMTP, there's no difference between "incoming" and
"outgoing" mail except perhaps the originating IP address -- in which case
tcpserver's rules database can be used to do the trick. `man qmail-smtpd` for
details.

Charles
--
-----------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
-----------------------------------------------------------------------
Charles Cazabon
2002-06-17 18:47:12 UTC
Permalink
There is a permission problem ... Maildir should be user readable ...
Please don't speculate, as it simply wastes the time of everyone on this list.
drwxr-xr-x 5 inphase1 mail1 4096 May 2 11:16 Maildir
drwxr-xr-x 2 inphase1 mail1 4096 May 2 11:16 cur
drwxr-xr-x 2 inphase1 mail1 4096 Jun 17 15:13 new
drwxr-xr-x 2 inphase1 mail1 4096 Jun 17 16:50 tmp
As you can see from what the user posted, the Maildir and its subdirectories
are already user-writable.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Charles Cazabon
2002-06-17 18:51:27 UTC
Permalink
Post by Charles Cazabon
As you can see from what the user posted, the Maildir and its subdirectories
are already user-writable.
Typo: meant "readable".

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Charles Cazabon
2002-07-31 18:41:44 UTC
Permalink
Hello, I am facing a strange error. In my office a user sends his mail from
outlook express (yeah, I don't like it too) to a particular local user and it
gets treated as remote. Well, for all the other users of the domain the mails
are delivered properly, but not for this. I am giving the headers generated
by OE and error by qmail.
qmail doesn't deliver according to the message headers; it delivers according
to the envelope recipient address(es), which is supplied by the client when
injecting via SMTP. You've hit a bug in OE; please call Microsoft.
Sorry, I couldn't find any host named dimakhc.com>>. (#5.1.2)
works properly, but not in this case.
I have solved the problem, by changing the "DISPLAY NAME" in OE's settings
dimakhc.com is in locals?
The above error shows that the message was addressed to a recipient in the
domain "dimakhc.com>>", not "dinakhc.com". OE bug.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Shantanu
2002-07-31 20:00:04 UTC
Permalink
Hi, Thanks Charles for the mails
works properly, but not in this case.
I have solved the problem, by changing the "DISPLAY NAME" in OE's settings
dimakhc.com is in locals?
The above error shows that the message was addressed to a recipient in the
domain "dimakhc.com>>", not "dinakhc.com". OE bug.
dinakhc.com...I never mentioned that. I said mails were going to
***@dimakhc.com but not to ***@dimakhc.com
I am not getting why qmail is saying,

Sorry, I couldn't find any host named dimakhc.com>>. (#5.1.2)

When it can deliver mails locally to dimakhc.com?
Thanks a lot.
With regards.
-SHantanu
Chris Johnson
2002-07-31 20:44:21 UTC
Permalink
Post by Shantanu
Hi, Thanks Charles for the mails
works properly, but not in this case.
I have solved the problem, by changing the "DISPLAY NAME" in OE's settings
dimakhc.com is in locals?
The above error shows that the message was addressed to a recipient in the
domain "dimakhc.com>>", not "dinakhc.com". OE bug.
dinakhc.com...I never mentioned that. I said mails were going to
I am not getting why qmail is saying,
Sorry, I couldn't find any host named dimakhc.com>>. (#5.1.2)
When it can deliver mails locally to dimakhc.com?
It can deliver locally to dimakhc.com, but not to dimakhc.com>>. See the
difference?

Chris
Markus Stumpf
2002-08-28 21:17:34 UTC
Permalink
Use "." in front of the domain name for "wildcards" in those control files.

echo .optin-offers.net:127.0.0.1 >> /var/qmail/control/smtproutes
echo .optin-offers.net:alias-baddomain >> /var/qmail/control/virtualdomains

See manual pages for
qmail-control
qmail-send
qmail-remote

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
Charles Cazabon
2002-10-09 19:48:55 UTC
Permalink
We can not remove sendmail from the actual server due to HP Standards (I'm
trying to change that) so in light of that and the fact that qmail will have
its own IP and DNS entries, is it possible to have both qmail and sendmail
running?
Yes, easily. Each process can manage its own queue; then simply bind sendmail
to a single IP address for incoming mail and qmail-smtpd's tcpserver instance
to another IP address for incoming mail.

The only other place that sendmail and qmail conflict is in
/usr/{sbin,lib}/sendmail -- the "normal" qmail install process is to make
those symlinks to /var/qmail/bin/sendmail, so skip that step in the install.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
m***@csi.hu
2002-10-09 22:07:23 UTC
Permalink
Post by Charles Cazabon
We can not remove sendmail from the actual server due to HP Standards (I'm
trying to change that) so in light of that and the fact that qmail will have
its own IP and DNS entries, is it possible to have both qmail and sendmail
running?
Yes, easily. Each process can manage its own queue; then simply bind sendmail
to a single IP address for incoming mail and qmail-smtpd's tcpserver instance
to another IP address for incoming mail.
The only other place that sendmail and qmail conflict is in
/usr/{sbin,lib}/sendmail -- the "normal" qmail install process is to make
those symlinks to /var/qmail/bin/sendmail, so skip that step in the install.
So what happens with outgoing mail?

Mate
Sebastian Niehaus
2002-10-13 07:18:10 UTC
Permalink
mw-list-***@csi.hu writes:

[...]
Post by m***@csi.hu
Post by Charles Cazabon
The only other place that sendmail and qmail conflict is in
/usr/{sbin,lib}/sendmail -- the "normal" qmail install process is to make
those symlinks to /var/qmail/bin/sendmail, so skip that step in the install.
So what happens with outgoing mail?
Well, If you use /usr/{sbin,lib}/sendmail, Sendmail will take care of
it. If you use /var/qmail/bin/sendmail, qmail-inject or SMTP-injection
on the IP qmail is listening, it will send the mail as long as
qmail-send is kept running...


Sebastian
OAKS,JOE M (HP-Cupertino,ex1)
2002-10-09 20:08:21 UTC
Permalink
Thanks, this will be easier than I thought, as sendmail is already
bound to a single IP.

Joe

-----Original Message-----
From: Charles Cazabon [mailto:***@discworld.dyndns.org]
Sent: Wednesday, October 09, 2002 12:49 PM
To: ***@list.cr.yp.to
Subject: Re: Using qmail and sendmail on the same machine?
We can not remove sendmail from the actual server due to HP Standards (I'm
trying to change that) so in light of that and the fact that qmail will
have
its own IP and DNS entries, is it possible to have both qmail and sendmail
running?
Yes, easily. Each process can manage its own queue; then simply bind
sendmail
to a single IP address for incoming mail and qmail-smtpd's tcpserver
instance
to another IP address for incoming mail.

The only other place that sendmail and qmail conflict is in
/usr/{sbin,lib}/sendmail -- the "normal" qmail install process is to make
those symlinks to /var/qmail/bin/sendmail, so skip that step in the install.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
OAKS,JOE M (HP-Cupertino,ex1)
2002-10-09 22:43:29 UTC
Permalink
So you do not care about outgoing mail?
Outgoing mail is not handled by this server.
How about local delivery?
Local delivery will be handled by sendmail as the sendmail will be assigned
the systems primary ip, all the other ip's are virtual ip's and secondary
nic's.
Which mailer do you want to use to deposit in user's mailboxes?
The mail will be handled by qmail as incoming only for this application,
mail.support, so any mail sent to *@mail.support.hp.com will be set to a
specific ip (assigned to qmail) and delivered into their respective maildirs,
currently 500+/-, this is then popped by the different handlers of
mail.support and then replied to via exchange (/me shudders).

So in answer no, at this point we are not concerned with outgoing mail as
it is all handled by exchange (/me shudders) I hate even saying that word :)

Joe

I have a Dream, to convert all of HP WORLDWIDE to qmail :)
I know it won't happen but, hey I can dream can't I?

-----Original Message-----
From: mw-list-***@csi.hu [mailto:mw-list-***@csi.hu]
Sent: Wednesday, October 09, 2002 3:10 PM
To: OAKS,JOE M (HP-Cupertino,ex1)
Subject: Re: Using qmail and sendmail on the same machine?


On Wed, Oct 09, 2002 at 01:07:59PM -0700, OAKS,JOE M (HP-Cupertino,ex1)
Thanks, this will be easier than I thought, as sendmail is already
bound to a single IP.
So you do not care about outgoing mail? How about local delivery?
Which mailer do you want to use to deposit in user's mailboxes?

Mate
Joe
-----Original Message-----
Sent: Wednesday, October 09, 2002 12:49 PM
Subject: Re: Using qmail and sendmail on the same machine?
We can not remove sendmail from the actual server due to HP Standards
(I'm
trying to change that) so in light of that and the fact that qmail will
have
its own IP and DNS entries, is it possible to have both qmail and
sendmail
running?
Yes, easily. Each process can manage its own queue; then simply bind
sendmail
to a single IP address for incoming mail and qmail-smtpd's tcpserver
instance
to another IP address for incoming mail.
The only other place that sendmail and qmail conflict is in
/usr/{sbin,lib}/sendmail -- the "normal" qmail install process is to make
those symlinks to /var/qmail/bin/sendmail, so skip that step in the
install.
Charles
--
---------------------------------------------------------------------------
Charles Cazabon
http://www.qcc.ca/~charlesc/software/
Read
http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Charles Cazabon
2002-11-08 14:41:21 UTC
Permalink
Please let me know if there are any known issues with ReiserFS and Qmail with
Maildir format.
Not with maildirs. There is an issue with the queue; you need to apply a
small patch to qmail to be safe if the queue is on ReiserFS. See here:
http://www.jedi.claranet.fr/qmail-tuning.html

This has been discussed many times on this list; please search the list
archives before posting your question next time.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
m***@csi.hu
2002-11-08 16:40:59 UTC
Permalink
I have switched one of our mail servers to Slackware 8.1. The filesystem type on all the partitions is ReiserFS.
Will Qmail work with this filesystem? The other server we have has ext2 and Maildir format, running Qmail successfully.
I certainly would not bet on it at this point:

http://www.geocrawler.com/mail/thread.php3?subject=%5Breiserfs-list%5D+Oops+with+in+nfsd+-+2.4.19-pre6&list=3455

Mate
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
Matthias Andree
2002-11-11 23:32:46 UTC
Permalink
I have switched one of our mail servers to Slackware 8.1. The filesystem type on all the partitions is ReiserFS.
Will Qmail work with this filesystem? The other server we have has ext2 and Maildir format, running Qmail successfully.
Now I would like use ReiserFS on the newer mail server.
mount -o sync is mandatory for qmail on any Linux FS -- and either
deploy uninterruptible power supply or switch off your drive's write
cache if you're using ATA.

Have Slackware reiserfs data ordering/journalling patched into their
kernels? If not, better stick with ext2 or ext3 and proper options.
Figure what performs best for you, it may be ext2 or ext3 + data=journal.
--
Matthias Andree
DBS
2002-11-13 14:33:41 UTC
Permalink
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
Hahahahahahhahaha!
That's pretty funny.
I thought you were a Postfix user? Why are you telling lies about qmail?
Facts please. What is the lie?
Here it is: mount -o sync is mandatory for qmail on any Linux FS

^^^^^^^^^^^

mount -o sync is NOT mandatory for qmail on ANY Linux FS.

DBS
DBS
2002-11-13 15:25:19 UTC
Permalink
Post by DBS
mount -o sync is NOT mandatory for qmail on ANY Linux FS.
that does not come out right. suffice to say mount -o sync is not needed
on all types of Linux filesystems. that is you definitely need it for
ext2 but not for ext3 depending on the journal mode you use
Michael Sierchio
2002-11-13 15:50:34 UTC
Permalink
Post by DBS
Post by DBS
mount -o sync is NOT mandatory for qmail on ANY Linux FS.
that does not come out right. suffice to say mount -o sync is not needed
on all types of Linux filesystems. that is you definitely need it for
ext2 but not for ext3 depending on the journal mode you use
I believe that there is considerable confusion about journaling file systems,
softupdates, etc. These are methods of preserving metadata consistency and
provide a solution to the problem of file system recovery after a crash. In
the case of softupdates there is a performance increase due to deferred
metadata writes, and the safety comes from the guarantee that these will always
leave the on-disk metadata in a consistent state. Without an intent log or
such a guarantee, fscking a disk after a crash takes an amount of time
proportional to some exponent of the disk size (ca. 1.5 in the best case).

This is unrelated to the requirements for a stable file system queue,
where a program needs to expect that a return from a synchronous write
has indeed committed all the necessary bits to magnetism. Across a
system crash, you'd need an additional mechanism to back out a transaction,
which isn't possible in the case of SMTP, hence the admonitions regarding
requirements for the mail queue. Prof. Bernstein happens to take
this seriously, whereas others seem to have a rather cavalier attitude.
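
The requirement described above ("a return from a synchronous write has indeed committed all the necessary bits"), shown at the system-call level as an added example that is not part of the original thread and is not qmail's source: a store routine that reports success only after fsync() has flushed both the file data and the directory holding the new name, so it does not depend on a sync mount. The function name durable_store, the file names and the sample message are hypothetical; flushing directory entries by calling fsync() on the directory is assumed to behave as it does on Linux.

```c
/* Added example (not qmail code): "write, fsync, link, fsync directory". */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Flush a directory so that names created in it survive a crash. */
static int sync_dir(const char *dir)
{
    int fd = open(dir, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = fsync(fd);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/*
 * Store msg as dir/final_name via dir/tmp_name (hypothetical names).
 * Returns 0 only when the data AND the final directory entry have been
 * flushed; only then may the caller acknowledge the message to its sender.
 * Returns -1 otherwise, and never overwrites an existing final_name.
 */
int durable_store(const char *dir, const char *tmp_name,
                  const char *final_name, const char *msg, size_t len)
{
    char tmp[4096], fin[4096];
    int n;

    n = snprintf(tmp, sizeof tmp, "%s/%s", dir, tmp_name);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    n = snprintf(fin, sizeof fin, "%s/%s", dir, final_name);
    if (n < 0 || (size_t)n >= sizeof fin)
        return -1;

    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    /* Step 1: file contents and inode must be on disk before the name is. */
    if (write_all(fd, msg, len) < 0 || fsync(fd) < 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) < 0) {
        unlink(tmp);
        return -1;
    }

    /* Step 2: publish the final name; link() fails with EEXIST if taken. */
    if (link(tmp, fin) < 0) {
        unlink(tmp);
        return -1;
    }

    /* Step 3: the new directory entry lives in the page cache until the
     * directory itself is flushed. If this fails, do not acknowledge. */
    if (sync_dir(dir) < 0)
        return -1;

    /* Removing the temporary name is cleanup; losing it in a crash only
     * leaves a stray link behind, never a lost message. */
    unlink(tmp);
    return 0;
}

int main(void)
{
    /* Constructed sample message. */
    const char *msg = "Subject: test\n\nconstructed sample body\n";
    if (durable_store(".", "demo.tmp", "demo.msg", msg, strlen(msg)) != 0) {
        perror("durable_store");
        return 1;
    }
    puts("stored ./demo.msg");
    return 0;
}
```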
DBS
2002-11-13 16:02:32 UTC
Permalink
Post by Michael Sierchio
Post by DBS
Post by DBS
mount -o sync is NOT mandatory for qmail on ANY Linux FS.
that does not come out right. suffice to say mount -o sync is not
needed on all types of Linux filesystems. that is you definitely need
it for ext2 but not for ext3 depending on the journal mode you use
I believe that there is considerable confusion about journaling file systems,
softupdates, etc. These are methods of preserving metadata
consistency and
provide a solution to the problem of file system recovery after a crash. In
the case of softupdates there is a performance increase due to deferred
metadata writes, and the safety comes from the guarantee that these will always
leave the on-disk metadata in a consistent state. Without an intent log or
such a guarantee, fscking a disk after a crash takes an amount of time
proportional to some exponent of the disk size (ca. 1.5 in the best case).
This is unrelated to the requirements for a stable file system queue,
where a program needs to expect that a return from a synchronous write
has indeed committed all the necessary bits to magnetism. Across a
system crash, you'd need an additional mechanism to back out a
transaction,
which isn't possible in the case of SMTP, hence the admonitions regarding
requirements for the mail queue. Prof. Bernstein happens to take
this seriously, whereas others seem to have a rather cavalier attitude.
an ext3 filesystem loaded in full journal mode stores not only metadata
in the journal but also the actual file contents.

you won't need to use mount -o sync in this case and worry about losing
mail.
Matthias Andree
2002-11-14 18:06:23 UTC
Permalink
[This reply is lengthy and constitutes the first revision of a file
system semantics for MTA administrators mini-HOWTO. Feel free to
comment.]
Post by DBS
an ext3 filesystem loaded in full journal mode stores not only
metadata in the journal but also the actual file contents.
you won't need to use mount -o sync in this case and worry about
losing mail.
That's wrong and dangerous. The journal is filled asynchronously if you
go without -o sync or equivalents, even with data=journal. Clear text:
Even though you're using data=journal, the data written after fsync(),
namely an essential link(2), are only in RAM, i. e. can get lost in a
crash or power outage.

The short Linux recommendation is: go update util-linux, kernel and
e2fsprogs, place your queue on a ext2fs or ext3fs file system, shut down
your MTA (i. e. kill qmail-send, use svc -d), drop -o sync from fstab,
reboot, and use "chattr +D -R /var/qmail/queue" once. I'm not
recommending ReiserFS at this point, and I can't say if chattr +S or +D
or even -o sync will have effects. My personal preference is clearly
ext3fs with chattr +D at this time.


Here is a hopefully comprehensive write-up about these features.

I reserve the full copyright, verbatim distribution via the qmail list
and its archives is permitted though. Redistribution data obtained from
the archives is NOT permitted at this point. You can always write the
qmail-***@list.cr.yp.to command or archive URL will place this
document under a more liberal license after it's been reviewed and
updated. Caching proxies are also allowed to redistribute my data, ask
for details if necessary. Redistributing cached data other than regular
operation a default squid or apache install would do is NOT permitted.


There are two requirements that are confused here. I'll clarify these
and correct and elaborate my former "you need mount -o sync" claim,
mount -o sync is one, the most portable, way to achieve the semantics
that qmail relies on. It is expensive, there are cheaper ways. Read on,
this will not be a qmail-is-dumb flame feast that I'm accused of so
often.

1. the on-disk consistency of the file system

2. the ordering of ACTUAL PHYSICAL write operation and REPORTED
COMPLETION. As Michael has pointed out, backing out the transaction
means losing the mail.

Some explanations of how things work.


Contents:

0. PREFACE
1. CONSISTENCY. What journalling or softupdates do.
2. PERSISTENCE, SYNCHRONIZATION AND ORDERING
3. IMPAIRMENT OF ORDERING
4. TUNING
5. OTHER SYSTEMS AND FUTURE RESEARCH

=== PREFACE ===

In this document, except the TUNING section, -o sync means "any
synchronous mechanism", it might mean chattr +S, -o dirsync, chattr +D
(careful, read the TUNING section below).

=== CONSISTENCY ===

The ext3fs journal records transactions to meta data (and possibly data
in data=journal mode, at the expense of write speed). ext3fs
data=ordered mode makes sure that ALL data modifications be written
before the meta data are updated. data=writeback merely journals the
meta data changes, but makes no guarantees about the order of when data
or meta data are written.

data=ordered and data=journal make sure that if a NEW file is written,
it's integer. With data=writeback, the file may be on disk, but the
contents may have been lost in a crash. (This is the same as for
ext2fs.) This can frequently be observed on ReiserFS or ext2 systems
when the computer crashes under heavy asynchronous write load.

The ReiserFS journal is metadata-only and corresponds to data=writeback
unless you use Chris Mason's patches and force data=journal or
data=ordered. (I'm unsure if a vanilla reiserfs accepts data=writeback.)

The BSD softupdates code effectively makes a file system "async", but
makes sure that no unordered writes corrupt the file system structure.

So, either of these mechanisms, logging/journaling or softupdates, make
sure the file system comes up quick and clean after an unclean shutdown.

=== PERSISTENCE, SYNCHRONIZATION AND ORDERING ===

The other issue is -o sync. I'll elaborate on the tuning later, mount -o
is the big cannon that shoots at the bird and may be unacceptably
expensive.

When an application (say, qmail) tells the kernel "write me that data to
disk", then the change may either be a change to file data, file meta
data or to directory data. Let's subsume file data under file meta data
for now. File data are the actual file contents. File Meta data are file
size, creation date, and so on. Directory data are -- simplified -- the
file names. If an application creates a new file, writes to it, and closes
it, then there are file data and directory data.

"synchronous" write means: if an application uses a kernel function,
this function will only return to the application after the data has
been written to physical media to the best of the kernel's knowledge.

"asynchronous" write means: the kernel function may return to the
application before the data has been written in physical media, for
example if the data may be at a cache.

Asynchronous data is written back later, usually, these data are sorted
by disk block or something to increase the efficiency, and collected
into larger write commands, again, to increase the efficiency. IIRC,
BSD softupdates claims 90 s, Linux trickles dirty writes every 30 s.
Don't quote me on these two figures though.

Qmail REQUIRES that -- among others -- the link(2) kernel function is
synchronous, i. e. the link(2) function MUST NOT return before the data
are physically on the disk. Reason: right after the completion, qmail
tells the SMTP client "250 Ok"; and the client will delete its queue
file immediately. qmail has taken over the responsibility for the mail.

Link(2) is a "directory write". Linux has always written directory data
asynchronously, unless -o sync was in place. BSD with async or
softupdates also writes directory data asynchronously. Consequence:
qmail takes over responsibility BEFORE the data are on disk physically.
This can cause mail loss, if the computer crashes or the power fails
before the data have been written from the RAM cache to physical media.

So the ordering requirement is clear: link(2) must first write the data
to physical media before returning control to the application (qmail).

mount -o sync and equivalent mechanisms force directory updates to be
synchronous, so that qmail can be reliable at all. Read the next section
why this is not always sufficient.

=== IMPAIRMENT OF ORDERING ===

Hard disk drives use caches to improve the write speed, and these may
reorder the blocks that are written to disk. Hard disk drives do NOT
guarantee that cached data will survive a power outage.

Hard disk drives (except for some broken models, reported on the
Linux-Kernel mailing list, some 2.5" drives IIRC) allow to turn off the
cache, to make sure the writes are ordered.

SCSI drives have also offered the "tagged command queueing" features for
many years, which includes a "ordered tag" facility that makes sure that
all writes complete before the write with the ordered tag, and that all
writes after the ordered tag are not started earlier than the write that
was associated with the ordered tag.

The recent ATA standard revisions also support this "dma queued"
feature, but it's not as widely deployed, and Linux does not support it
currently. Later versions may, there are some developer patches. FreeBSD
supports it on IBM DPTA, DTLA and IC35* drives. The only other ATA
drives known to me that offer queueing are the IBM DTTA (currently
unsupported by FreeBSD, would require workaround) and the IBM DJNA (as
per Søren Schmidt, their tagged implementation is so flawed that it's
unusable).

(IBM DTLA and IC35L...AVER drives are claimed to be unreliable. I've had
four out of eight DTLA drives, bought in Early 2001, and from 3
different vendors fail on me within 18 months after purchase. Other
people reported AVER dying far too soon as well, go search Usenet).

However, to make drives look good in benchmarks, most drives ship with
the write cache enabled, and guess what? This defeats the ordering
mentioned in the previous section. The link(2) may have made it to the
drive's cache, but not be on disk. If the power fails before the drive
had a chance to flush the cache, the mail is again lost.

Guess even more: Linux does not by default use ordered tags properly.
I'm not aware of the current status of the "write barrier" patches; last
time, I looked, they were available for ATA and only for specific SCSI
systems, and not for all file systems, and were scheduled for Linux 2.6.
Chris Mason should know more on this topic.

So, to be really safe, you must for now switch the write cache off on
Linux.

I'm not sure how good other operating systems, including FreeBSD, are.

If in doubt, going with the write cache turned off is the safe way.
Tagged queueing compensates for some of the speed loss because it
overcomes the lock-step approach (accept block of
data, wait for disk to rotate, write, acknowledge write, reiterate) that
is inferred without write cache.

=== TUNING ===

There's not much about the drive's write cache unless the file system
you are using knows how to make use of ordered tags and the drive
supports these.

There is something about the -o sync though. On ext2fs or ext3fs, it is
possible to use chattr -R +S /var/qmail/queue and mount WITHOUT -o sync,
that way, other /var directories remain asynchronous (for example,
/var/lib/dhcp, /var/log and /var/spool/news).

With recent linux kernel, util-linux and e2fsprogs versions (I checked
e2fsck 1.28, util-linux 2.11u and Linux 2.4.19, as shipped e. g. on SuSE
Linux 8.1), there is an additional option: -o dirsync, and chattr -R +D
/var/qmail/queue.

The original patches that Andrew Morton had were against Linux
2.4.18-pre9, e2fsprogs 1.26 and util-linux 2.11n, so versions AFTER but
not including these are candidates. Use "strings /bin/mount | grep
dirsync" to find out if your util-linux is current enough. Just update
e2fsprogs to get the latest e2fsck bug fixes and chattr/lsattr support.

This -o dirsync (or chattr +D) makes only directory writes such as
link(2) synchronous, while leaving file writes asynchronous. BEWARE: on
very old systems, +D used to have a different meaning that was never in
use, this old meaning has been renamed to +Z.

So, instead of mount -o sync, you can use chattr -R +S on ext2fs or ext3fs
on any system. You can also go for mount -o dirsync or chattr -R +D
/var/qmail/queue on the state-of-the-art system.

Linux' -o dirsync on ext2fs and ext3fs corresponds to -o noasync on BSD
ffs without softupdates.

The chattr limits the impact to the directory it's applied to, while
mount -o [dir]sync applies to the whole partition; you'll have to decide
what you find appropriate.

chattr -R +D is not slower than chattr -R +S, but will usually be faster.
mount -o dirsync is not slower than mount -o sync, but will usually be faster.

I've made some benchmarks (only one run, so only look at the rough
relations) and found very strange results as to the ReiserFS behaviour
that I'll have to ask the ReiserFS team about, because -o sync does not
slow ReiserFS down considerably, and this is very suspicious.

Felix von Leitner uses ext3fs and will probably discourage from using
reiserfs when you ask him.

I'm not sure if -o sync has any effect of BSD softupdates. If it does,
softupdates + -o sync will be safe, if not, use a file system with the
classical ffs, without softupdates.

Here are the results of a bonnie benchmark, conducted with Linux 2.4.19
on a Maxtor 4W060H4 60 GB 5400/min ATA drive with write cache switched
off, attached to a VIA VT52C686 IDE adapter. ext2a means default (async)
mount. ext2d means -o dirsync. ext2s means -o sync. The machine had 140
MB free RAM and had its swap turned off for the test. The software is
Russell Coker's bonnie++-1.02c.

Looking at these figures, I wonder if the "mount -o sync has always just
made the directory data synchronous" claim made by some Linux
Kernel folks still holds. If it did, sequential output would have had to
be much faster.

Remember, it's been a single run on a loaded workstation, so these
figures are not too accurate, but should give an idea of what's
happening. I'll offer ext3 figures later when the whole set of 9
benchmarks has completed (that is, combine each of (writeback, ordered,
journal) with each of (defaults, dirsync, sync)).

Version 1.02c ------Sequential Output------ --Sequential Input- --Random-
-Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP
ext2a 360M 5483 6 3187 4 28930 23 112.5 1
ext2d 360M 4974 4 3310 4 23403 17 97.2 1
ext2s 360M 191 0 637 1 30690 21 113.5 1
------Sequential Create------ --------Random Create--------
-Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
files:max:min /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP /sec %CP
ext2a 10:10000:0/23 12141 97 +++++ +++ 1266 4 12307 97 +++++ +++ 1214 7
ext2d 10:10000:0/23 2073 15 +++++ +++ 1923 7 2185 17 19844 93 1605 8
ext2s 10:10000:0/23 17 0 4577 28 21 0 17 0 351 2 19 0

=== OTHER SYSTEMS AND FUTURE RESEARCH ===

5.1 OTHER SYSTEMS
5.2 FUTURE RESEARCH

--- OTHER SYSTEMS ---

I have been asked why Postfix's queue can go without -o sync on Linux.
The answer is simple: because it does chattr -R +S /var/spool/postfix on
start-up itself, have a look at /etc/postfix/postfix-script.

For the mailboxes, it will require dirsync (or sync) semantics just like
qmail.

However, Postfix's queue can go without even the +S or +D on ext3fs and
on reiserfs as of Linux 2.4 (not Linux 2.2), and it can go on
softupdates file systems. The reason is that Postfix does not distribute
its queue status across three files, but keeps a single file with an
internal structure that comprises an end marker record -- if this is
missing, the mail is not delivered. Postfix' queue process ends with a
fsync(), not with a link(). fsync() has the feature of flushing all
pending transactions with ext3fs (not ext2fs) and reiserfs as of Linux
2.4 (won't work with 2.2), so all pending directory updates (such as
open, which is prior to fsync()) will be on permanent media once the
fsync() call has returned.

--- FUTURE RESEARCH ---

* figure what file systems and kernel versions know how to use ordered
tags properly
* compile a list of all drives that support tagged queueing
* figure if reiserfs -o sync or -o dirsync are implemented and/or
working properly, and figure the chattr status
* figure if -o sync makes softupdates safe.
--
Matthias Andree
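
The mechanisms listed in the TUNING section above (mount -o sync, mount -o dirsync, chattr +S, chattr +D) can be checked for a given queue directory. The following is an added example, not part of the original post or of qmail: the function names are hypothetical and the mount table and lsattr lines are constructed samples.

```python
import os

# Constructed sample inputs in /proc/mounts and `lsattr -d` format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw 0 0
/dev/hda3 /var ext2 rw 0 0
/dev/hda5 /var/spool/news ext2 rw,noatime 0 0
"""
SAMPLE_MOUNTS_SYNC = SAMPLE_MOUNTS.replace("/var ext2 rw ", "/var ext2 rw,sync ")
SAMPLE_LSATTR_DIRSYNC = "---------D--- /var/qmail/queue"
SAMPLE_LSATTR_PLAIN = "------------- /var/qmail/queue"


def parse_mounts(mounts_text):
    """Parse /proc/mounts-style text into (mountpoint, fstype, option-set) tuples."""
    entries = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.startswith("#"):
            continue
        entries.append((fields[1], fields[2], set(fields[3].split(","))))
    return entries


def covering_mount(path, mounts):
    """Return the entry whose mountpoint is the longest prefix of path."""
    path = os.path.normpath(path)
    best = None
    for mnt, fstype, opts in mounts:
        m = mnt.rstrip("/") or "/"
        if path == m or path.startswith(m.rstrip("/") + "/"):
            # ">=" so that a later mount on the same mountpoint wins
            if best is None or len(m) >= len(best[0]):
                best = (m, fstype, opts)
    return best


def parse_lsattr(lsattr_line):
    """Return the attribute letters from one `lsattr -d` line (dashes dropped)."""
    if not lsattr_line.strip():
        return set()
    flags = lsattr_line.split(None, 1)[0]
    return {c for c in flags if c != "-"}


def queue_sync_status(path, mounts_text, lsattr_line):
    """Report which synchronous-write mechanism, if any, covers `path`.

    sync / +S make file and directory writes synchronous; dirsync / +D make
    only directory writes such as link(2) synchronous, as the post explains.
    The post also warns that +D meant something else on very old systems.
    """
    mount = covering_mount(path, parse_mounts(mounts_text))
    opts = mount[2] if mount else set()
    attrs = parse_lsattr(lsattr_line)
    mechanisms = []
    if "sync" in opts:
        mechanisms.append("mount -o sync")
    if "dirsync" in opts:
        mechanisms.append("mount -o dirsync")
    if "S" in attrs:
        mechanisms.append("chattr +S")
    if "D" in attrs:
        mechanisms.append("chattr +D")
    return {
        "mountpoint": mount[0] if mount else None,
        "fstype": mount[1] if mount else None,
        "mechanisms": mechanisms,
        "directory_writes_synchronous": bool(mechanisms),
        "file_writes_synchronous": "sync" in opts or "S" in attrs,
    }


if __name__ == "__main__":
    for mounts, attr in ((SAMPLE_MOUNTS, SAMPLE_LSATTR_PLAIN),
                         (SAMPLE_MOUNTS, SAMPLE_LSATTR_DIRSYNC),
                         (SAMPLE_MOUNTS_SYNC, SAMPLE_LSATTR_PLAIN)):
        print(queue_sync_status("/var/qmail/queue", mounts, attr))
```

On a real host, feed it the contents of /proc/mounts and the output of lsattr -d on the queue directory. It cannot see the drive write cache setting that the post also calls out.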
Matthias Andree
2002-11-12 23:11:52 UTC
Permalink
[blatant anti-qmail hatred, as always]
Hahahahahahhahaha!
That's pretty funny.
I thought you were a Postfix user? Why are you telling lies about qmail?
He is a troll. Trolls feed off attention.
Once you stop feeding him, he will go away.
Felix, please stop your run-away troll script. My mail that Russ and you
are referring to contained nothing but information supported by Dan. Are
you suggesting Dan is trolling?
--
Matthias Andree
Matthias Andree
2002-11-12 03:22:32 UTC
Permalink
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
Hahahahahahhahaha!
That's pretty funny.
I thought you were a Postfix user? Why are you telling lies about qmail?
Facts please. What is the lie?

Is there anything unclear about http://cr.yp.to/qmail/faq/reliability.html?

Quoting that reliability document:
"You may encounter people who dispute one or more of the above
statements. Those people don't know what they're talking about."

What's Postfix got to do with this?
Matthias Andree
2002-11-12 23:10:40 UTC
Permalink
We've been through this before. I just want to make sure that when
you lie, I tell the truth.
Send facts about the alleged lie please. Or are you on a vendetta, under
the motto of "never give in to Matthias Andree"? What is the truth? Are
you suggesting qmail is reliable on ext2fs without -o sync? With write
cache switched on? It is not. So please present details on the alleged
lie.
<shrug>. Why do you treat Dan as an authority one day, and nincompoop
another.
Please look at my past comments on that document. My comments were along
the lines of a) other MTAs cope with SOFTDEP, b) qmail was faster if it
supported SOFTDEP. This agrees with the current qmail/reliability.html
document, what's your point again?
Post by Matthias Andree
What's Postfix got to do with this?
Your motivation for saying things is colored by the fact that you
don't want people to run qmail.
Interesting allegation (gives insight in your attitude towards me), but
wrong. IF people decide they can live well with qmail's shortcomings
after they've been made aware of the problems, that's fine, the problems
are then known. I want to avoid them falling into traps, so I remind
them of the other requirements. It's a shame that you of all persons
need to allege bad intentions. What has become of "full disclosure"?
Florian principle "do it, but not in front of my front door"?

I have seen NUL blocks in the mid of files on ReiserFS after a kernel
crash (I have NOT seen that with properly configured mail spool file
systems, regardless of which MTA I used, including qmail). And given
that configuration, nothing went wrong. ReiserFS cached the data, and
was interrupted by the crash in mid flight. (data=journal would have
prevented that corruption, but I did not have it deployed at that time).
Russell Nelson
2002-11-12 03:49:43 UTC
Permalink
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
Hahahahahahhahaha!
That's pretty funny.
I thought you were a Postfix user? Why are you telling lies about qmail?
Facts please. What is the lie?
We've been through this before. I just want to make sure that when
you lie, I tell the truth.
Is there anything unclear about http://cr.yp.to/qmail/faq/reliability.html?
"You may encounter people who dispute one or more of the above
statements. Those people don't know what they're talking about."
<shrug>. Why do you treat Dan as an authority one day, and nincompoop
another.
What's Postfix got to do with this?
Your motivation for saying things is colored by the fact that you
don't want people to run qmail.
--
-russ nelson http://russnelson.com |
Crynwr sells support for free software | PGPok | it's better to be free
521 Pleasant Valley Rd. | +1 315 268 1925 voice | than to be correct.
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX |
Matthias Andree
2002-11-12 23:15:55 UTC
Permalink
On Tue, 12 Nov 2002 00:32:46 +0100
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
No it's not. It's much recommended for the queue but aside from that it's not necessary.
BSD softupdates are fine too.
Sure, if you don't want your mail crash-proof, go without. Your choice.
Even better, go without softupdates but with -o async, even faster, less
write operations, saves your hard disk drive. Switch on its write cache.
Mount on mfs.

Should I interpret this as "qmail is only fast enough if I make it
unreliable"? Dan had different intentions...
--
Matthias Andree
Seth Kurtzberg
2002-11-13 00:47:09 UTC
Permalink
Well, yes. Actually, even with sync and any other file system parameters you
might like to suggest, it is still not 100% reliable, although the vulnerable
periods are much shorter.

Being able to tolerate the unlikely but possible loss of an email is not
uncommon.
Post by Matthias Andree
On Tue, 12 Nov 2002 00:32:46 +0100
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
No it's not. It's much recommended for the queue but aside from that it's
not necessary. BSD softupdates are fine too.
Sure, if you don't want your mail crash-proof, go without. Your choice.
Even better, go without softupdates but with -o async, even faster, less
write operations, saves your hard disk drive. Switch on its write cache.
Mount on mfs.
Should I interpret this as "qmail is only fast enough if I make it
unreliable"? Dan had different intentions...
--
Seth Kurtzberg
M. I. S. Corp
***@cql.com
1-480-661-1849 (GMT-7)
Lars Hansson
2002-11-12 04:21:34 UTC
Permalink
On Tue, 12 Nov 2002 00:32:46 +0100
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
No it's not. It's much recommended for the queue but aside from that it's not necessary.
BSD softupdates are fine too.

---
Lars Hansson
Felix von Leitner
2002-11-12 12:48:59 UTC
Permalink
[blatant anti-qmail hatred, as always]
Hahahahahahhahaha!
That's pretty funny.
I thought you were a Postfix user? Why are you telling lies about qmail?
He is a troll. Trolls feed off attention.
Once you stop feeding him, he will go away.

Felix
Russell Nelson
2002-11-12 02:12:19 UTC
Permalink
Post by Matthias Andree
mount -o sync is mandatory for qmail on any Linux FS
Hahahahahahhahaha!

That's pretty funny.

I thought you were a Postfix user? Why are you telling lies about qmail?
--
-russ nelson http://russnelson.com |
Crynwr sells support for free software | PGPok | it's better to be free
521 Pleasant Valley Rd. | +1 315 268 1925 voice | than to be correct.
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX |
Matthias Andree
2002-11-13 03:51:24 UTC
Permalink
Well, yes. Actually, even with sync and any other file system parameters you
might like to suggest, it is still not 100% reliable, although the vulnerable
periods are much shorter.
Nope. The whole story about synchronous I/O is that you know when the
data have hit physical media, so you can defer accepting responsibility
by saying "250 Ok." until after you know your data is now crashproof on
disk.

Given the proper configuration (drive's cache, filesystem synchronous
mount), it is 100% reliable and crash-proof for non-bounce mail, not
taking unpredict-ed/-able hardware failure into account. No "time
window" games played.
Seth Kurtzberg
2002-11-13 14:54:32 UTC
Permalink
You say "not taking unpredictable hardware failure into account." However,
that is hardly reliability.
Post by Matthias Andree
Well, yes. Actually, even with sync and any other file system parameters
you might like to suggest, it is still not 100% reliable, although the
vulnerable periods are much shorter.
Nope. The whole story about synchronous I/O is that you know when the
data have hit physical media, so you can defer accepting responsibility
by saying "250 Ok." until after you know your data is now crashproof on
disk.
Given the proper configuration (drive's cache, filesystem synchronous
mount), it is 100% reliable and crash-proof for non-bounce mail, not
taking unpredict-ed/-able hardware failure into account. No "time
window" games played.
--
Seth Kurtzberg
M. I. S. Corp
***@cql.com
1-480-661-1849 (GMT-7)
Matthias Andree
2002-11-13 15:47:46 UTC
Permalink
Post by Seth Kurtzberg
You say "not taking unpredictable hardware failure into account." However,
that is hardly reliability.
What can software do about failures of the hardware it depends on? Nothing.

What can software do to make sure it does not take responsibility for
data BEFORE it has been moved from volatile to permanent storage? Much.

What can the administrator do if the software is documented as requiring
synchronous directory updates? Make sure the environment suits the
requirements.
Seth Kurtzberg
2002-11-13 20:13:31 UTC
Permalink
Actually, the technology for handling hardware errors in software for these
purposes is well known and mature. Not that I'm suggesting it is sensible
to do so in a mail server. I write DBMS engines and we guarantee not to lose
data even in the presence of hardware failures (using transactional
semantics).
Post by Matthias Andree
Post by Seth Kurtzberg
You say "not taking unpredictable hardware failure into account."
However, that is hardly reliability.
What can software do about failures of the hardware it depends on? Nothing.
What can software do to make sure it does not take responsibility for
data BEFORE it has been moved from volatile to permanent storage? Much.
What can the administrator do if the software is documented as requiring
synchronous directory updates? Make sure the environment suits the
requirements.
--
Seth Kurtzberg
M. I. S. Corp
***@cql.com
1-480-661-1849 (GMT-7)
Charles Cazabon
2002-11-20 00:54:29 UTC
Permalink
I'm using qmail with vpopmail/qmail-scanner.
[...]
In other words it's an open relay.
Nope. Show us exactly why you think so.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Benjamin Charles Tehan
2002-11-20 02:34:42 UTC
Permalink
Show you why it's an open relay?

For example:

neither domain1.com and domain2.com are hosted on my server, they ain't in
control/rcpthosts file but yet if I telnet to the box on port 25 and manually
send a mail from ***@domain1.com to ***@domain2.com it's accepted
by qmail and relayed.

I'm assuming it's got something to do with qmail-scanner but I never had this
problem before with it.

I even changed the mode of control/rcpthosts to 777 just to make sure it's
not a mode but that did not help either


If any of the below helps.

My run file for smtpd
 
#!/bin/sh
 
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE
#the following is all on 1 line.
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 503 -g 502 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &
 
 
My tcp.smtp file is like such... it's about 100 lines long.
 
203.121.28.:allow,RELAYCLIENT=""
203.121.29.:allow,RELAYCLIENT=""
203.121.30.:allow,RELAYCLIENT=""
203.121.31.:allow,RELAYCLIENT=""
218.18.53.24:allow,RELAYCLIENT=""
Post by Charles Cazabon
I'm using qmail with vpopmail/qmail-scanner.
[...]
In other words it's an open relay.
Nope. Show us exactly why you think so.
Charles
Charles Cazabon
2002-11-20 03:28:47 UTC
Permalink
Please don't top-post. It makes your messages difficult to read. I've fixed
your broken quoting for this reply.
Post by Benjamin Charles Tehan
Post by Charles Cazabon
In other words it's an open relay.
Nope. Show us exactly why you think so.
Show you why it's an open relay?
No, I said "show us exactly why you think [it's an open relay]".
Post by Benjamin Charles Tehan
neither domain1.com and domain2.com are hosted on my server, they ain't in
control/rcpthosts file but yet if I telnet to the box on port 25 and manually
by qmail and relayed.
From what machine, exactly? And give us the unedited, complete output of the
`qmail-showctl` command. And your machine name and IP address(es).
Post by Benjamin Charles Tehan
I'm assuming it's got something to do with qmail-scanner but I never had this
problem before with it.
qmail isn't an open relay by default. You have to go to a bit of trouble to
turn it into one.
Post by Benjamin Charles Tehan
I even changed the mode of control/rcpthosts to 777 just to make sure it's
not a mode but that did not help either
Random changes don't fix things, they just confuse the issue.
Post by Benjamin Charles Tehan
My tcp.smtp file is like such... it's about 100 lines long.
We can't help you with "like" information. Give us the complete file.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
George Georgalis
2002-11-20 04:54:44 UTC
Permalink
Post by Benjamin Charles Tehan
Show you why it's an open relay?
neither domain1.com and domain2.com are hosted on my server, they ain't in
control/rcpthosts file but yet if I telnet to the box on port 25 and manually
by qmail and relayed.
My tcp.smtp file is like such... it's about 100 lines long.
?
203.121.28.:allow,RELAYCLIENT=""
203.121.29.:allow,RELAYCLIENT=""
203.121.30.:allow,RELAYCLIENT=""
203.121.31.:allow,RELAYCLIENT=""
218.18.53.24:allow,RELAYCLIENT=""
so did you telnet from an ip in your tcp.smtp allow definition?

// George
--
GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
Security Services, Web, Mail, mailto:***@galis.org
File, Print, DB and DNS Servers. http://www.galis.org/george
Benjamin Charles Tehan
2002-11-20 07:48:55 UTC
Permalink
I see the problem.

If the ip is in the tcp.smtp file it doesn't bother about the rcpthosts file..

That truly sucks, I'd hope to think it checks the rcpthosts file no matter
what ip address they are connecting from.

I assumed tcpserver used the tcp.smtp file only to check who was allowed to
connect to the server before passing the connection to qmail-smtpd.
I also assumed qmail-smtpd then checked to see if the TO/FROM was a domain
listed in the rcpthosts file

Is it possible to set it up so qmail checks the rcpthosts file even if they
are using an ip address in tcp.smtp?
Post by George Georgalis
Post by Benjamin Charles Tehan
Show you why it's an open relay?
neither domain1.com and domain2.com are hosted on my server, they ain't in
control/rcpthosts file but yet if I telnet to the box on port 25 and
it's accepted by qmail and relayed.
My tcp.smtp file is like such... it's about 100 lines long.
?
203.121.28.:allow,RELAYCLIENT=""
203.121.29.:allow,RELAYCLIENT=""
203.121.30.:allow,RELAYCLIENT=""
203.121.31.:allow,RELAYCLIENT=""
218.18.53.24:allow,RELAYCLIENT=""
so did you telnet from an ip in your tcp.smtp allow definition?
// George
Charles Cazabon
2002-11-20 13:49:58 UTC
Permalink
Post by Benjamin Charles Tehan
I see the problem.
If the ip is in the tcp.smtp file it doesn't bother about the rcpthosts file..
No, not at all. rcpthosts is ignored if and only if the environment variable
RELAYCLIENT is set. You can use tcpserver's rules database to selectively set
this variable on a per-IP basis.
Post by Benjamin Charles Tehan
I assumed tcpserver used the tcp.smtp file only to check who was allowed to
connect to the server before passing the connection to qmail-smtpd.
Read the documentation for ucspi-tcp again; you can also use the rules
database to allow or deny connections on a per-IP basis.
Post by Benjamin Charles Tehan
I also assumed qmail-smtpd then checked to see if the TO/FROM was a domain
listed in the rcpthosts file
It checks whether the envelope recipient address (in RCPT TO:) domain is in
rcpthosts; that's where the name comes from.
Post by Benjamin Charles Tehan
Is it possible to set it up so qmail checks the rcpthosts file even if they
are using an ip address in tcp.smtp?
No, because there's no point. You're misunderstanding how the system is
supposed to work; please go read everything concerning selective relaying
several times.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Cory Wright
2002-11-20 03:24:43 UTC
Permalink
Post by Benjamin Charles Tehan
neither domain1.com and domain2.com are hosted on my server, they ain't in
control/rcpthosts file but yet if I telnet to the box on port 25 ...
Did you telnet from one of the IP's listed in /etc/tcp.smtp that sets RELAYCLIENT?

Cory
Albert Meltzer
2002-11-20 08:09:53 UTC
Permalink
Post by Benjamin Charles Tehan
I assumed tcpserver used the tcp.smtp file only to check who was
allowed to connect to the server before passing the connection to
qmail-smtpd. I also assumed qmail-smtpd then checked to see if the
TO/FROM was a domain listed in the rcpthosts file
There is a difference between listing an IP address in the tcprules file
and listing that address with a RELAYCLIENT variable set.
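
The acceptance logic the replies above describe (a tcprules match may set RELAYCLIENT, and qmail-smtpd consults rcpthosts only when RELAYCLIENT is unset), modelled as an added Python example that is not code from qmail, ucspi-tcp or any poster. The function names are hypothetical, the rule lines are the ones quoted in the thread, the rcpthosts entries and the 198.51.100.9 client are constructed, and only literal-IP, dotted-prefix and empty default rules are handled.

```python
# Rule lines as quoted in the thread; rcpthosts entries are constructed samples.
SAMPLE_TCP_SMTP = '''\
203.121.28.:allow,RELAYCLIENT=""
203.121.29.:allow,RELAYCLIENT=""
203.121.30.:allow,RELAYCLIENT=""
203.121.31.:allow,RELAYCLIENT=""
218.18.53.24:allow,RELAYCLIENT=""
'''
SAMPLE_RCPTHOSTS = ["example.org", ".example.org"]


def parse_tcprules(text):
    """Parse 'address:allow|deny[,VAR="value"...]' lines into a dict.

    Simplification: values are assumed to be double-quoted and comma-free.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        addr, _, action = line.partition(":")
        verdict, *assignments = action.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (verdict, env)
    return rules


def match_rule(rules, ip):
    """Most specific rule first: full IP, shorter dotted prefixes, then the default."""
    if ip in rules:
        return ip, rules[ip]
    parts = ip.split(".")
    for n in range(3, 0, -1):
        prefix = ".".join(parts[:n]) + "."
        if prefix in rules:
            return prefix, rules[prefix]
    if "" in rules:
        return "", rules[""]
    # No rule matched: modelled as "allow" with no variables set.
    return None, ("allow", {})


def rcpthosts_allows(rcpthosts, recipient):
    """rcpthosts is a list of entries, or None when the control file is absent."""
    if rcpthosts is None:
        return True
    _, at, domain = recipient.rpartition("@")
    if not at:
        return True  # address without a domain part
    domain = domain.lower()
    entries = {e.lower() for e in rcpthosts}
    if domain in entries:
        return True
    labels = domain.split(".")
    # Entries beginning with "." are wildcards for subdomains.
    return any("." + ".".join(labels[i:]) in entries for i in range(1, len(labels)))


def rcpt_decision(client_ip, rcpt_to, rules, rcpthosts):
    """Decide what happens to one RCPT TO from one client address."""
    key, (verdict, env) = match_rule(rules, client_ip)
    if verdict == "deny":
        return {"accepted": False, "rule": key, "reason": "connection denied by tcprules"}
    if "RELAYCLIENT" in env:
        # rcpthosts is ignored; the variable's value is appended to the recipient.
        return {"accepted": True, "rule": key, "recipient": rcpt_to + env["RELAYCLIENT"],
                "reason": "RELAYCLIENT set, rcpthosts not consulted"}
    if rcpthosts_allows(rcpthosts, rcpt_to):
        return {"accepted": True, "rule": key, "recipient": rcpt_to,
                "reason": "recipient domain listed in rcpthosts"}
    return {"accepted": False, "rule": key,
            "reason": "553 sorry, that domain isn't in my list of allowed rcpthosts"}


RULES = parse_tcprules(SAMPLE_TCP_SMTP)

if __name__ == "__main__":
    for ip in ("203.121.29.7", "218.18.53.24", "198.51.100.9"):
        print(ip, rcpt_decision(ip, "user@domain2.com", RULES, SAMPLE_RCPTHOSTS))
```

A test from an address covered by a RELAYCLIENT rule, as in the thread, therefore says nothing about whether the server is an open relay; the same test from an address with no such rule does.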
Charles Cazabon
2002-11-26 13:35:09 UTC
Permalink
Will someone please be so kind as to show me their xinetd entry for qmail?
xinetd isn't commonly used for qmail; use tcpserver instead. It's simpler to
configure anyway.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Richard Archer
2002-11-26 21:47:44 UTC
Permalink
Will someone please be so kind as to show me their xinetd entry for qmail?
Well, the following works for me, although I'm a xinetd newbie.
Watch out for the wrapped pop3 "server_args" line.

...R.


[***@mel01 xinetd.d]# cat pop3
# default: off
# description: pop3
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /var/qmail/bin/qmail-popup
server_args = localhost /var/qmail/bin/checkpassword-pam -s pop3
/var/qmail/bin/qmail-pop3d .Maildir
log_on_failure += USERID
}
[***@mel01 xinetd.d]# cat smtp
# default: off
# description: qmail smtp server
service smtp
{
disable = no
socket_type = stream
wait = no
user = qmaild
server = /var/qmail/bin/tcp-env
server_args = /var/qmail/bin/in.smtpd
log_on_failure += USERID EXIT DURATION
}
[***@mel01 xinetd.d]# cat /var/qmail/bin/in.smtpd
#!/bin/sh
unset RELAYCLIENT
case $TCPREMOTEIP in
127.0.0.1) RELAYCLIENT="";;
192.168.5.*) RELAYCLIENT="";;
esac
export RELAYCLIENT
logger -i -t in.smtpd -p mail.notice "from $TCPREMOTEHOST ($TCPREMOTEIP)"
exec /var/qmail/bin/qmail-smtpd
Aadish Shrestha
2002-11-27 04:01:13 UTC
Permalink
"qmail the Quick Way" is the answer.

http://www.shrestha.net.np/aadish/junkbox

aadish.
Will someone please be so kind as to show me their xinetd entry for qmail?
Thanks,
Rob
Charles Cazabon
2002-12-03 20:20:14 UTC
Permalink
On friday I installed the SMTP Auth patch and all works great.
There are several different SMTP AUTH patches available.
Everyone is able to send without errors, however when I'm at work
and I try to send a message I get the 553 sorry, that domain isn't
in my list of allowed rcpthosts error.
[that's a strange definition of "works great"]

And is the MUA or MTA you're trying to send with actually configured to try
SMTP AUTH?

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Joe Oaks
2002-12-03 20:50:05 UTC
Permalink
Post by Charles Cazabon
There are several different SMTP AUTH patches available.
http://members.elysium.pl/brush/qmail-smtpd-auth/
Version 0.30
Post by Charles Cazabon
[that's a strange definition of "works great"]
well I meant works great, except when I got to work yesterday I, and only
me, could not send.
Post by Charles Cazabon
And is the MUA or MTA you're trying to send with actually configured to try
SMTP AUTH?
Yes I'm using outlook, and it works when I'm at home, just not at work,
unless I set the proxy server's IP in the tcp.smtp file.

Why would this work from home and not from work? We use a firewall/proxy and
socks servers at HP, so when I'm there I have to use the socks client and
proxy settings to get out? But if I'm able to connect and receive my mail
as normal, then why is the smtp auth not working via the proxy/firewall?
I know that's a question for the smtp auth mailing list and have posed that
to them. I'm just wondering, from a qmail standpoint, if my settings were correct
and maybe it was a typo that I had in my conf.

Joe
Charles Cazabon
2002-12-03 21:24:51 UTC
Permalink
Post by Joe Oaks
Post by Charles Cazabon
[that's a strange definition of "works great"]
well I meant works great, except when I got to work yesterday I, and only
me, could not send.
Do you mean that others could relay through your server from the same IP
address with different credentials?
Post by Joe Oaks
Why would this work from home and not from work?
At home, you might not need AUTH at all, as your static addresses are likely
configured as permitted relay clients with tcpserver's rules database feature.
Post by Joe Oaks
I know that's a question for the smtp auth mailing list and have posed that
to them.
I think that's best.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
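The relay decision discussed in this thread, as an added example that is not from any poster or from qmail's source: a simplified Python model of how a tcpserver rule that sets RELAYCLIENT bypasses the rcpthosts check, and why a connection from an address with no such rule gets the 553 reply. The rule table, addresses, domains and the `authenticated` flag (assumed here to stand for a successful SMTP AUTH that permits relaying) are constructed assumptions; user@ rules, hostname rules and address ranges are left out.

```python
# Constructed stand-in for tcp.smtp: address prefix -> variables the rule sets.
TCP_SMTP = {
    "127.": {"RELAYCLIENT": ""},
    "192.0.2.10": {"RELAYCLIENT": ""},   # constructed static "home" address
    "": {},                              # default rule: allow, set nothing
}
# Constructed stand-in for control/rcpthosts.
RCPTHOSTS = ["example.org", ".example.org"]


def tcprules_env(remote_ip, rules=TCP_SMTP):
    """Return the variables set by the most specific matching rule."""
    if remote_ip in rules:
        return rules[remote_ip]
    parts = remote_ip.split(".")
    for n in (3, 2, 1):                  # try 1.2.3. then 1.2. then 1.
        prefix = ".".join(parts[:n]) + "."
        if prefix in rules:
            return rules[prefix]
    return rules.get("", {})


def in_rcpthosts(rcpt, rcpthosts=RCPTHOSTS):
    """Exact domain match, or a match against a leading-dot suffix entry."""
    if "@" not in rcpt:
        return True                      # no domain part: treated as local
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in rcpthosts:
        return True
    return any(domain[i:] in rcpthosts
               for i, ch in enumerate(domain) if ch == ".")


def rcpt_reply(remote_ip, rcpt, authenticated=False):
    """Reply to RCPT TO for a client at remote_ip."""
    env = tcprules_env(remote_ip)
    # RELAYCLIENT only has to be set; an empty value still permits relaying.
    if "RELAYCLIENT" in env or authenticated or in_rcpthosts(rcpt):
        return "250 ok"
    return "553 sorry, that domain isn't in my list of allowed rcpthosts"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):    # listed vs. unlisted address
        print(ip, rcpt_reply(ip, "friend@example.net"))
```

If the second address still gets the 553 while the client is configured for AUTH, the server-side question is whether the AUTH exchange ever completed on that connection.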
Charles Cazabon
2002-12-20 13:55:57 UTC
Permalink
I'm guessing that you've got some software which still doesn't work
properly with all-zeroes or all-ones addresses, even if you're using
supernetting. Specifically, if you have a subnet mask of
255.255.254.0, that software won't let you use 1.2.2.255 or 1.2.3.0
even though those *aren't* all-zeroes or all-ones.
I'm not 100% certain about any of this, but I feel like the "some software"
has to be qmail. I can telnet to the box (and I'm also wrapping telnet
with ucspi-tcp, so that suggests it's not that), I can pop mail out of the
box (I'm using vchkpw, but like I say it works), and I can hit the Web server,
I just can't connect to smtp. The thing that really puzzles me is that the
connection never shows up in netstat when connecting to port 25, but does
fine with the other services.
Actually, that sounds more like firewall rules are preventing the connection.
What OS and version are you using?

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Ruprecht Helms
2002-12-20 17:36:41 UTC
Permalink
Hi Charles Cazabon,
Post by Charles Cazabon
Actually, that sounds more like firewall rules are preventing the connection.
What OS and version are you using?
If he is using tcp/ip this problem is normally independent of any OS.
The last 0 always is the host itself and the last 255 is standing
for broadcast. That is also the reason why by magnifying 8 for building
the hostsum for subnetting you have to reduce 2.

Regards,
Ruprecht

----------------------------------
Ruprecht Helms IT-Service und Softwareentwicklung

Tel/Fax.: +49[0]7621 16 99 16
Homepage: http://www.rheyn.de
email: ***@rheyn.de
----------------------------------
Russell Nelson
2002-12-20 21:48:34 UTC
Permalink
Post by Ruprecht Helms
Hi Charles Cazabon,
Post by Charles Cazabon
Actually, that sounds more like firewall rules are preventing the connection.
What OS and version are you using?
If he is using tcp/ip this problem is normally independent of any OS.
The last 0 always is the host itself and the last 255 is standing
for broadcast.
This is not true if the network is super- or sub-netted. If the
subnet mask is 255.255.254.0, then you have:

1.2.2.0 is the host itself.
1.2.2.255 is just another host.
1.2.3.0 is just another host.
1.2.3.255 is the broadcast address.

If the subnet mask is 255.255.255.128, then you have:

1.2.2.0 is the host itself.
1.2.2.127 is a broadcast address on one subnet.
1.2.2.128 is the host itself.
1.2.2.255 is a broadcast address on another subnet.

and this presumes that your router supports all-ones and all-zeroes
subnet numbers. I expect that most do, these days. It used to be
that you had to discard two subnets.
--
-russ nelson http://russnelson.com | You can ignore economics,
Crynwr sells support for free software | PGPok | but economics isn't going
521 Pleasant Valley Rd. | +1 315 268 1925 voice | to ignore you.
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX |
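The two address lists in the post above can be checked mechanically. This is an added example, not code from the thread: it uses Python's standard `ipaddress` module to classify an address under a given mask, and lists the addresses ending in .0 or .255 that are ordinary hosts in the subnet, which are the ones software with the old class-C assumption would refuse. The function names are illustrative.

```python
import ipaddress


def classify(addr, mask):
    """Return 'network', 'broadcast' or 'host' for addr under the given mask."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    if iface.ip == iface.network.network_address:
        return "network"
    if iface.ip == iface.network.broadcast_address:
        return "broadcast"
    return "host"


def edge_hosts(addr, mask):
    """Addresses ending in .0 or .255 that are ordinary hosts in this subnet."""
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    # hosts() already excludes the network and broadcast addresses.
    return [str(ip) for ip in net.hosts() if int(ip) & 0xFF in (0, 255)]


if __name__ == "__main__":
    sample = ("1.2.2.0", "1.2.2.127", "1.2.2.128",
              "1.2.2.255", "1.2.3.0", "1.2.3.255")
    for mask in ("255.255.254.0", "255.255.255.128"):
        for addr in sample:
            print(f"{addr:<10} mask {mask:<16} {classify(addr, mask)}")
        print("edge hosts:", edge_hosts("1.2.2.0", mask))
```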
John Drummond
2002-12-20 14:44:28 UTC
Permalink
Post by Charles Cazabon
I'm not 100% certain about any of this, but I feel like the "some software"
has to be qmail. I can telnet to the box (and I'm also wrapping telnet
with ucspi-tcp, so that suggests it's not that), I can pop mail out of the
box (I'm using vchkpw, but like I say it works), and I can hit the Web server,
I just can't connect to smtp. The thing that really puzzles me is that the
connection never shows up in netstat when connecting to port 25, but does
fine with the other services.
Actually, that sounds more like firewall rules are preventing the connection.
What OS and version are you using?
Charles
Slackware Linux version 8, running kernel 2.4.17.

I doubt it's any firewall, but there's another piece to the puzzle. The network
that the problematic machines are on is run by a 3rd party, a university who
is leasing us the IP space. Of course, their administrator swore up and down
that it's nothing on their end, and refused to remove the .0 and .255 hosts
from their dhcp pools.

It's no firewall on my end, and I doubt it's a firewall on their end since nobody
knew of any problems before, and they've been using this subnetting scheme
for a few years.

Regards,

John Drummond
Scott Gifford
2002-12-21 08:33:03 UTC
Permalink
Post by John Drummond
Post by Charles Cazabon
I'm not 100% certain about any of this, but I feel like the "some software"
has to be qmail. I can telnet to the box (and I'm also wrapping telnet
with ucspi-tcp, so that suggests it's not that), I can pop mail out of the
box (I'm using vchkpw, but like I say it works), and I can hit the Web server,
I just can't connect to smtp. The thing that really puzzles me is that the
connection never shows up in netstat when connecting to port 25, but does
fine with the other services.
Actually, that sounds more like firewall rules are preventing the connection.
What OS and version are you using?
Charles
Slackware Linux version 8, running kernel 2.4.17.
I doubt it's any firewall, but there's another piece to the puzzle. The network
that the problematic machines are on is run by a 3rd party, a university who
is leasing us the IP space. Of course, their administrator swore up and down
that it's nothing on their end, and refused to remove the .0 and .255 hosts
from their dhcp pools.
tcptraceroute might tell you which hop along the way is blocking your
packets:

http://michael.toren.net/code/tcptraceroute/

Good luck,

----ScottG.
Charles Cazabon
2003-02-27 13:45:33 UTC
Permalink
goodguys: joe,bob,george
Sorry, I couldn't find any host named me.me. (#5.1.2)
[...]

That's abnormal.
Is there a way (short of adding the domain name to the alias recipients in
the /etc/alias file) to get qmail to resolve the alias recipients as either
I strongly suspect this is what is happening. Post the complete, unedited
output of the qmail-showctl command.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
t***@attbi.com
2003-02-28 04:37:42 UTC
Permalink
Here is the qmail

qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 4701, 4702, 4703, 0, 4704, 4705, 4706, 4707.
group ids: 1071, 1072.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is unibi4.unibi.com.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is unibi.com.

defaulthost: Default host name is unibi.com.

doublebouncehost: (Default.) 2B recipient host: unibi4.unibi.com.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is unibi4.unibi.com.

helohost: (Default.) SMTP client HELO host name is unibi4.unibi.com.

idhost: (Default.) Message-ID host name is unibi4.unibi.com.

localiphost: (Default.) Local IP address becomes unibi4.unibi.com.

locals:
Messages for unibi4.unibi.com are delivered locally.
Messages for localhost are delivered locally.

me: My name is unibi4.unibi.com.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is unibi.com.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at unibi4.unibi.com.
SMTP clients may send messages to recipients at localhost.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 unibi4.unibi.com.

smtproutes:
SMTP route: :neptune.unibi.com

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains: (Default.) No virtual domains.

defaultdelivery: I have no idea what this file does.

concurrencyincoming: I have no idea what this file does.

smtproutes~: I have no idea what this file does.

locals~: I have no idea what this file does.
Post by Charles Cazabon
goodguys: joe,bob,george
Sorry, I couldn't find any host named me.me. (#5.1.2)
[...]
That's abnormal.
Is there a way (short of adding the domain name to the alias recipients in
the /etc/alias file) to get qmail to resolve the alias recipients as either
I strongly suspect this is what is happening. Post the complete, unedited
output of the qmail-showctl command.
Charles
--
---------------------------------------------------------------------------
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Charles Cazabon
2003-02-28 14:27:12 UTC
Permalink
Post by t***@attbi.com
Here is the qmail
Okay, that's not the problem, or at least doesn't appear to be. I don't see
Post by t***@attbi.com
Is there a way (short of adding the domain name to the alias recipients
in the /etc/alias file)
You do mean /etc/aliases and /etc/aliases.cdb, don't you? Yes, just change
your rule from:

foo: joe, fred, bob

to:

foo: ***@host.domain, ***@host.domain, ***@host.domain

And, of course, run newaliases.

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------
Charles Cazabon
2003-05-10 16:09:28 UTC
Permalink
I have a question, I have googled and couldn't find anything even close. I
want to be able to copy a complete working qmail install from one computer
to another. We are moving to another server and I don't have access to the
development box I compiled everything on. What I am looking for is the
ownership and security permissions on all the files and directories
including the queue.
`ls -l` will give you that.

It's usually easiest (and quickest) to just recompile on the new server, but
if you can't because you have no development tools, remember that you have to
put everything in the same places (conf-qmail is a compile-time value), and the
user IDs of each of the qmail users have to be the same (again, conf-users is
compile-time).

Charles
--
---------------------------------------------------------------------------
Charles Cazabon <***@discworld.dyndns.org>
GPL'ed software available at: http://www.qcc.ca/~charlesc/software/
Read http://www.qcc.ca/~charlesc/writings/12-steps-to-qmail-list-bliss.html
---------------------------------------------------------------------------