Gentoo Forums
HOWTO: qmail vpopmail qmail-scanner courier squirrelmail

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Mon Apr 19, 2004 7:56 pm

dik wrote:
Anyone able to help?

I followed the instructions word for word (well, at least I think I did..)

When trying to add a new domain, I get the following

Quote:

could not connect to mysql update server Access denied for user: 'vpopmail@localhost' (Using password: YES) with database
could not connect to mysql update server Access denied for user: 'vpopmail@localhost' (Using password: YES)
vmysql: sql error[c]: MySQL server has gone away
vmysql: sql error[b]: MySQL server has gone away
vmysql: sql error[3]: MySQL server has gone away
vmysql: sql error[c]: MySQL server has gone away
vmysql: sql error[c]: MySQL server has gone away
vmysql: sql error[b]: MySQL server has gone away
vmysql: sql error[3]: MySQL server has gone away
vmysql: sql error[2]: MySQL server has gone away
Error: Unable to chdir to vpopmail/users directory


Any ideas? I think possibly it's trying to connect to the mySQL database, but using the wrong password? I don't -really- know what else to try..

Any help would be appreciated.

Thanks,


Dik, make sure you have edited /etc/vpopmail.conf to match the password you supplied for vpopmail on Mysql.

Simply nano -w /etc/vpopmail.conf and replace SECRET or TOPSECRET with the password you supplied while granting privileges to vpopmail in MYSQL.

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Mon Apr 19, 2004 8:25 pm

I would agree, Pardok. Because I was trying to get SMTP working for my Pop3 users, I also set up relay-ctrl shortly before I rebooted. So I'll await a response to your post 8)

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Mon Apr 19, 2004 8:37 pm

Vcihon,

Are you perchance running behind a router?

Doing some research, I found that you have to account for your router's internal and external IP address in rcpthosts and tcprules.d.......

I'm going to try out Blubbi's HOW-TO again with this info. It might be the problem......

I'll let you know how it works. If you'd like, check out this thread:

https://forums.gentoo.org/viewtopic.php?t=25429&highlight=tcprules

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Mon Apr 19, 2004 9:36 pm

I'm not behind a router. . .sorry.

One thing I wonder looking over Blubbi's HOWTO:

I had to create RELAY_CTRL_RELAYCLIENT and add the line in the doc. I am curious about the
Code:
RELAYCLIENT='@fixup',


I have not configured the spam control yet and changed the line to read

Code:
:allow,RELAYCLIENT='@fixup',RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"


I wonder if it has to read:

Code:
:allow,RELAYCLIENT='@realdomainname',RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Mon Apr 19, 2004 9:55 pm

Perhaps.

I'll try it. I'm almost finished installing and I'll move onto the debugging.

I think you may be right. Would it be hostname, FQDN, or just DN? I'm wondering what @fixup stands for......

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Mon Apr 19, 2004 10:01 pm

Pardok - found it.

Slott-Hansen had noted earlier in the thread:

Quote:
I just took a closer look at my "/etc/courier-imap/pop3d" file and saw that "AUTHMODULES" wasn't changed to use the new auth. program. It's not stated in the walkthrough so maybe others have made the same mistake as I.

#AUTHMODULES="authdaemon"
# Use vpopmail auth.
AUTHMODULES="authvchkpw"


I changed mine and restarted courier-pop3d and I was good to go. I'm going to reboot to verify and will only post if it doesn't work.

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Mon Apr 19, 2004 10:19 pm

I remember seeing that post and trying it a while ago. However, I may have made a mistake. Hope it works!

Also, did you have to change your RELAY_CTRL_RELAYCLIENT? Or did you leave it as it is in the walkthrough?

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Mon Apr 19, 2004 10:27 pm

Good news and bad news.

My previous post solved the pop3 auth problem upon reboot.

However SMTP_AUTH is still not working. When I try to send email from my client, it tells me that
Quote:
the domainis not in my list of allowed rcpthosts (#5.7.1)



I checked my /var/qmail/control/rcpthosts and the domains appear correct.

Any ideas anyone?

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Tue Apr 20, 2004 12:09 am

Quote:
Also, did you have to change your RELAY_CTRL_RELAYCLIENT? Or did you leave it as it is in the walkthrough?


I had to create the file RELAY_CTRL_RELAYCLIENT and then add the line from the Howto.

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Tue Apr 20, 2004 4:08 am

Vcihon,

I *finally* got my server working (after so many weeks). And I think the problem you're facing is with your /etc/tcprules.d/tcp.qmail-smtp. I had the same problem and fixed it like this:

Here is my file:

Code:
# to update the database after changing this file, run:
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified IP range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified IP range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you dont set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#
#-----------------------------------------------------
# HERE ARE THE RULES! :
#-----------------------------------------------------
# BYPASS OPEN RELAY CHECKING FOR THESE IPS :
#
# These IPs are ones that we have setup so that they arent RBL checked.
# We have done this because these particular servers are RBL listed,
# and for whatever reason they can't/won't fix their open relay problem,
# and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
#111.111.111.111:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
#222.222.222.222:allow,RBLSMTPD=""
#
#-----------------------------------------------------------------
# DONT ALLOW THESE IPS TO SEND MAIL TO US :
#
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
#216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
#64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#
#-----------------------------------------------------------------
# ALLOW THESE IPS TO RELAY MAIL THROUGH OUR SERVER
#
# Local class-c's from our LAN are allowed to relay,
# and we wont bother doing any RBL checking.
#123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
#123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#
# Connections from localhost are allowed to relay
# (because the WebMail server runs on localhost),
# and obviously there is no point trying to perform an RBL check.
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#
#-----------------------------------------------------------------
# ALLOW EVERYONE ELSE TO SEND US MAIL
#
# Everyone else can make connections to our server,
# but not allowed to relay
# RBL lookups are performed
#:allow

# If you are using qmail-scanner, this line here is the correct one to use
# instead (comment out the above ':allow' line FIRST) and applies that script
# to any mail coming in that is not from a host allowed to relay. You can
# change the value of the variable to any other value you desire to use custom
# scripts for example.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
192.168.0.xxx(MY INTERNAL IP ADDRESS):allow,RELAYCLIENT="",RBLSMTPD="",\
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

:allow,RELAYCLIENT="",RBLSMTPD="",\
QMAILQUEUE="/var/qmail/bin/qmail-queue"

192.168.0.xxx(MY ROUTER'S IP ADDRESS):allow,RELAYCLIENT="",RBLSMTPD="",\
QMAILQUEUE="/var/qmail/bin/qmail-queue"

24.9.xxx.xxx(MY EXTERNAL IP):allow,RELAYCLIENT="",RBLSMTPD="",\
QMAILQUEUE="/var/qmail/bin/qmail-queue"


I'm thinking that e-mail sent from outside your network is being relayed through a different IP address, thus dying when it hits your relay controls. Perhaps your ISP is behind a router? Perhaps you don't account for your external IP?

I'm thinking if you check these out, you'll get SMTP working.

This is all I can think of. Maybe someone has a better answer?

blubbi
Guru
Joined: 27 Apr 2003
Posts: 564
Location: Halle (Saale), Germany

Posted: Tue Apr 20, 2004 7:04 am

vcihon wrote:
I'm not behind a router. . .sorry.

One thing I wonder looking over Blubbi's HOWTO:

I had to create RELAY_CTRL_RELAYCLIENT and add the line in the doc. I am curious about the
Code:
RELAYCLIENT='@fixup',


I have not configured the spam control yet and changed the line to read

Code:
:allow,RELAYCLIENT='@fixup',RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"


I wonder if it has to read:

Code:
:allow,RELAYCLIENT='@realdomainname',RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"


Fixup is another piece of the qmail puzzle.
It "fixes up" the broken email (wrong EOL conventions in their implementation of SMTP ...) in some buggy mail scripts or old/broken mail clients like Eudora or Outlook. It's not necessary to use that part of it.

Isn't it working for you with '@fixup'? I forgot to mention:
replace "@fixup" with "@fqdn" or whatever address you want.
_________________
-->Please add [solved] to the initial post's subject line if you feel your problem is resolved.
-->Help answer the unanswered

http://olausson.de

blubbi
Guru
Joined: 27 Apr 2003
Posts: 564
Location: Halle (Saale), Germany

Posted: Tue Apr 20, 2004 7:52 am

By the way, I have still no clue why SMTP-AUTH is not working ... any suggestions here, or anyone who has SMTP-AUTH working ?

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Tue Apr 20, 2004 2:34 pm

Pardok -

That fixed it. It is either removing the @fixup or the order of the smtp rules.

Blubbi -
Can you clarify what you mean that @fixup should be @fqdn ?

Should it be @alextechstudio.com (my domain name)???

Finally for both (all), I now need to verify that I'm not an open relay which I believe I might be if the SMTP-AUTH is not truly working. My SMTP is not asking for authentication but I'm not sure it will. . .

I'll report back.

Thanks to all.

blubbi
Guru
Joined: 27 Apr 2003
Posts: 564
Location: Halle (Saale), Germany

Posted: Tue Apr 20, 2004 5:07 pm

vcihon wrote:
Pardok -

That fixed it. It is either removing the @fixup or the order of the smtp rules.

Blubbi -
Can you clarify what you mean that @fixup should be @fqdn ?

Should it be @alextechstudio.com (my domain name)???

Finally for both (all), I now need to verify that I'm not an open relay which I believe I might be if the SMTP-AUTH is not truly working. My SMTP is not asking for authentication but I'm not sure it will. . .

I'll report back.

Thanks to all.


fixup should be any name you would like to see there. Mostly it would be the hostname.
For example "@alextechstudio.com"

If you have installed smtp after pop you are not an open relay; you can test this:
Try to send a mail to someone without having checked your mail for the time you have specified in your relaycontrol config. If everything works, you should not be able to send mails. Now check your mail account and then try to send the mail again. Now it should work for the specified time period.

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Tue Apr 20, 2004 7:04 pm

It appears, based on Blubbi's test and some tests I did on the Internet, I am an open relay so something is not working. . . If I find out what's going on, I'll post it here.

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Tue Apr 20, 2004 8:48 pm

Well, it's definitely not working. Had the relay up and in a couple of hours, I found I have over 5000 emails relaying from my server. Also, ORDB classified it as an open relay <sigh>.

Here is my tcp.qmail-smtp

Code:
# to update the database after changing this file, run:
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified IP range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified IP range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you dont set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#
#-----------------------------------------------------
# HERE ARE THE RULES! :
#-----------------------------------------------------
# BYPASS OPEN RELAY CHECKING FOR THESE IPS :
#
# These IPs are ones that we have setup so that they arent RBL checked.
# We have done this because these particular servers are RBL listed,
# and for whatever reason they can't/won't fix their open relay problem,
# and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
#111.111.111.111:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
#222.222.222.222:allow,RBLSMTPD=""
#
#-----------------------------------------------------------------
# DONT ALLOW THESE IPS TO SEND MAIL TO US :
#
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
#216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
#64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#
#-----------------------------------------------------------------
# ALLOW THESE IPS TO RELAY MAIL THROUGH OUR SERVER
#
# Local class-c's from our LAN are allowed to relay,
# and we wont bother doing any RBL checking.
#123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
#123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"

#
# Connections from localhost are allowed to relay
# (because the WebMail server runs on localhost),
# and obviously there is no point trying to perform an RBL check.
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#
#-----------------------------------------------------------------
# ALLOW EVERYONE ELSE TO SEND US MAIL
#
# Everyone else can make connections to our server,
# but not allowed to relay
# RBL lookups are performed
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-queue"

# If you are using qmail-scanner, this line here is the correct one to use
# instead (comment out the above ':allow' line FIRST) and applies that script
# to any mail coming in that is not from a host allowed to relay. You can
# change the value of the variable to any other value you desire to use custom
# scripts for example.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,RELAYCLIENT="@alextechstudio.com",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
24.123.161.30:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"



If anyone sees anything, or any other ideas how to troubleshoot this, let me know.
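
Added example (not part of any post in this thread, and not the HOWTO's code): a small Python audit of a tcprules source file that follows tcpserver's most-specific-match lookup and reports which clients end up with RELAYCLIENT set. qmail-smtpd skips the rcpthosts check whenever RELAYCLIENT is set, whatever its value, so a catch-all `:` rule that sets it relays for everyone. Assumptions: IPv4 only, no hostname (`=`) or `user@` rules, one rule per line; the sample rules, the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses and example.com are constructed.

```python
import ipaddress

# Constructed sample in the shape of the file posted above: the catch-all
# ':' rule sets RELAYCLIENT, so every client gets it.
BROKEN = '''\
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,RELAYCLIENT="@example.com",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.0.2.30:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
'''

# Constructed corrected form: only named addresses get RELAYCLIENT.
FIXED = '''\
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
192.0.2.30:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
198.51.100.100-102:allow,RBLSMTPD="-Connections from this IP have been banned."
:allow,QMAILQUEUE="/var/qmail/bin/qmail-queue"
'''


def _parse_env(s):
    """Parse ',VAR="value",VAR2="value"'; the character after '=' is the quote."""
    env, i = {}, 0
    while i < len(s):
        if s[i] != ",":
            raise ValueError("expected ',' in %r" % s)
        eq = s.index("=", i)
        if eq + 1 >= len(s):
            raise ValueError("missing value in %r" % s)
        quote = s[eq + 1]
        end = s.index(quote, eq + 2)
        env[s[i + 1:eq]] = s[eq + 2:end]
        i = end + 1
    return env


def _expand(address):
    """Expand a range in the last component, e.g. 1.2.3.100-102."""
    dot = "." if address.endswith(".") else ""
    head, sep, last = address.rstrip(".").rpartition(".")
    if "-" not in last:
        return [address]
    lo, hi = last.split("-")
    return ["%s%s%d%s" % (head, sep, n, dot) for n in range(int(lo), int(hi) + 1)]


def parse_rules(text):
    """Return {address: (action, env)}. Assumption: a repeated address keeps
    its first line, as a lookup in the compiled cdb would return."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instructions = line.partition(":")
        if not sep:
            raise ValueError("not a rule: %r" % line)
        if address.startswith("=") or "@" in address:
            continue  # hostname and user@ rules are outside this sketch
        action, comma, rest = instructions.partition(",")
        if action not in ("allow", "deny"):
            raise ValueError("bad instruction in %r" % line)
        env = _parse_env(comma + rest)
        for addr in _expand(address):
            rules.setdefault(addr, (action, env))
    return rules


def lookup(rules, ip):
    """Most specific match wins: full IP, then a.b.c., a.b., a., then ''.
    The order of lines in the file does not matter."""
    parts = str(ipaddress.IPv4Address(ip)).split(".")
    keys = [".".join(parts)] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return key, rules[key]
    return None, None


def may_relay(rules, ip):
    """True when the matching rule allows the connection and sets RELAYCLIENT."""
    _, rule = lookup(rules, ip)
    return rule is not None and rule[0] == "allow" and "RELAYCLIENT" in rule[1]


def open_to_everyone(rules):
    """True when the catch-all rule itself hands out RELAYCLIENT."""
    rule = rules.get("")
    return rule is not None and rule[0] == "allow" and "RELAYCLIENT" in rule[1]


if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        rules = parse_rules(text)
        print(name, "catch-all relays:", open_to_everyone(rules))
        for ip in ("127.0.0.1", "192.0.2.30", "203.0.113.9"):
            print("  %-12s matched %-12r relay=%s"
                  % (ip, lookup(rules, ip)[0], may_relay(rules, ip)))
```

Run it against the source file before compiling it with tcprules; any address that is not your own and reports relay=True is the finding to fix.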

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Tue Apr 20, 2004 9:31 pm

Hmmm........

I'm in no way a Qmail guru and know even less about relaying....

Can anyone explain the difference between qmail-queue and qmail-scanner-queue.pl?

Perhaps you have to pipe external relays through qmail-scanner-queue.pl.

I don't know.

My config is correctly relaying, but I only have 2 users on my domain....and am not using it widely.

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Tue Apr 20, 2004 11:36 pm

Pardok -

Have you already set your email up for SpamAssassin scanning? That is what I thought qmail-scanner-queue.pl was for and I was waiting to set that up until after I knew it worked.

Also, are you sure you are also not an open relay? You can go to http://www.ordb.org/submit/ in order to test it.

So either you are an open relay too and don't know it or I need to point it to qmail-scanner-queue.pl. I'd rather wait for your reply. . :twisted:

vcihon
Tux's lil' helper
Joined: 19 Aug 2003
Posts: 107

Posted: Wed Apr 21, 2004 1:31 am

Blubbi or anyone -

I wonder if the problem has to do with /var/qmail/control/me file. Currently, I have that pointing to my full machine name - instead of to the mx record which is shortened to the domain name.

cat me
machinename.domainname.com

however my clients use:
domainname.com as their pop3 and smtp server.

Could that be the problem?

I got this because of:
Quote:
QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)

Pardok
n00b
Joined: 30 Mar 2004
Posts: 29

Posted: Wed Apr 21, 2004 2:00 am

Hmmmmm,

According to the link you provided, mine also has an Open Relay.

I'm running IMAP and not POP. I don't know where to begin fixing this......

Going to do an internet search because I couldn't find anything dealing with this on the forums.

EDIT:

Ok, it's definitely tcprules.d settings.

I found this http://mail-abuse.org/tsi/ar-fix.html that seems to offer a fix.

Here is my current tcp.qmail-smtp:

Code:
# to update the database after changing this file, run:
# tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/.tcp.qmail-smtp.tmp < /etc/tcprules.d/tcp.qmail-smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified IP range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified IP range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you dont set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#
#-----------------------------------------------------
# HERE ARE THE RULES! :
#-----------------------------------------------------
# BYPASS OPEN RELAY CHECKING FOR THESE IPS :
#
# These IPs are ones that we have setup so that they arent RBL checked.
# We have done this because these particular servers are RBL listed,
# and for whatever reason they can't/won't fix their open relay problem,
# and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
#111.111.111.111:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
#222.222.222.222:allow,RBLSMTPD=""
#
#-----------------------------------------------------------------
# DONT ALLOW THESE IPS TO SEND MAIL TO US :
#
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
#216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
#64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#
#-----------------------------------------------------------------
# ALLOW THESE IPS TO RELAY MAIL THROUGH OUR SERVER
#
# Local class-c's from our LAN are allowed to relay,
# and we wont bother doing any RBL checking.
#123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
#123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#
# Connections from localhost are allowed to relay
# (because the WebMail server runs on localhost),
# and obviously there is no point trying to perform an RBL check.
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#
#-----------------------------------------------------------------
# ALLOW EVERYONE ELSE TO SEND US MAIL
#
# Everyone else can make connections to our server,
# but not allowed to relay
# RBL lookups are performed
#:allow

# If you are using qmail-scanner, this line here is the correct one to use
# instead (comment out the above ':allow' line FIRST) and applies that script
# to any mail coming in that is not from a host allowed to relay. You can
# change the value of the variable to any other value you desire to use custom
# scripts for example.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
192.168.0.100:allow,RELAYCLIENT="@enon.no-ip.org",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.0.1:allow,RELAYCLIENT="@enon.no-ip.org",RBLSMTPD="",QMAILQUEUE="/var/qmail-queue"
24.9.206.76:allow,RELAYCLIENT="@enon.no-ip.org",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"


I also updated my /etc/tcp.smtp and ran tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

My tcp.smtp looks exactly like my /etc/tcprules.d/tcprules.qmail-smtp

Nonetheless, Spamassassin still detects it as spam. I'm not sure if my settings are messed up or if Spamassassin has just been trained.

I'm getting this error in my /var/log/mail.info log occasionally (however, I think I fixed it):

Code:
Apr 20 20:59:34 mail maildrop[8378]: Unable to deliver to mailbox.
Apr 20 21:00:56 mail maildrop[8598]: Unable to deliver to mailbox.
Apr 20 21:02:15 mail maildrop[9062]: Unable to deliver to mailbox.
Apr 20 21:02:27 mail maildrop[9144]: Unable to deliver to mailbox.
Apr 20 21:05:57 mail maildrop[10466]: Unable to deliver to mailbox.


And here is the header info from spamassassin:

Code:
X-Spam-Status: Yes, hits=3.5 required=3.0 tests=PRIORITY_NO_NAME,
        RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no version=2.63
 X-Spam-Pyzor: Reported 0 times.
 MIME-Version: 1.0
 Content-Type: multipart/mixed;
  boundary="----------=_4085E568.73478E5E"
 X-UID:
 Status: R
 X-Status: N
 X-KMail-EncryptionState:
 X-KMail-SignatureState:
 X-KMail-MDN-Sent:
 
Spam detection software, running on the system "mail.enon.no-ip.org", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
root@localhost for details.

Content preview:  check [...]

Content analysis details:   (3.5 points, 3.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [24.9.206.76 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [24.9.206.76 listed in dnsbl.sorbs.net]
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer

blubbi
Guru
Joined: 27 Apr 2003
Posts: 564
Location: Halle (Saale), Germany

Posted: Wed Apr 21, 2004 8:21 am

vcihon wrote:
Well, it's definitely not working. Had the relay up and in a couple of hours, I found I have over 5000 emails relaying from my server. Also, ORDB classified it as an open relay <sigh>.

If anyone sees anything, or any other ideas how to troubleshoot this, let me know.



use this in your /etc/tcprules.d/tcp.qmail-smtp

Code:

127.0.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
127.0.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,RELAYCLIENT="YOURIP or mybe Hostname without@",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"


With these settings everybody is allowed to connect, but not to relay. "YOURIP or mybe Hostname without@" is allowed to connect and to relay. 127.0.0. is allowed to connect and to relay.

This should fix your open relay problem .... but with these settings the only host allowed to relay is the one specified in RELAYCLIENT. If this is not what you want, you have to use smtp after pop or SMTP-AUTH. Regarding to
Skywacker wrote:
Blubbi-
You can confirm that the pop-before-smtp works via your howto. I used your howto for that portion and it's working for me.

Thanks a lot!

-Skywacker
smtp after pop works if you followed my howto.

mmmmh, now I am a bit confused about the
Code:
:allow,RELAYCLIENT='@fixup',RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

in /etc/relay-ctrl/RELAY_CTRL_RELAYCLIENT

I think it should be '@fixup' not the domain name.

blubbi
Guru
Joined: 27 Apr 2003
Posts: 564
Location: Halle (Saale), Germany

Posted: Wed Apr 21, 2004 8:37 am

Pardok wrote:
Hmmmmm,

And here is the header info from spamassassin:

Code:
X-Spam-Status: Yes, hits=3.5 required=3.0 tests=PRIORITY_NO_NAME,
        RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no version=2.63
 X-Spam-Pyzor: Reported 0 times.
 MIME-Version: 1.0
 Content-Type: multipart/mixed;
  boundary="----------=_4085E568.73478E5E"
 X-UID:
 Status: R
 X-Status: N
 X-KMail-EncryptionState:
 X-KMail-SignatureState:
 X-KMail-MDN-Sent:
 
Spam detection software, running on the system "mail.enon.no-ip.org", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
root@localhost for details.

Content preview:  check [...]

Content analysis details:   (3.5 points, 3.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [24.9.206.76 listed in dnsbl.sorbs.net]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [24.9.206.76 listed in dnsbl.sorbs.net]
 0.8 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer


You see why spamassassin detects your mail as spam. From which machine did you send that mail? Tell me from where to where this mail was going. Try to turn off qmail-scanner-queue in tcprules for your hostname from the host you send the mail from.
_________________
-->Please add [solved] to the initial post's subject line if you feel your problem is resolved.
-->Help answer the unanswered

http://olausson.de
vcihon
Tux's lil' helper


Joined: 19 Aug 2003
Posts: 107

Posted: Wed Apr 21, 2004 2:04 pm

Blubbi -

It might help if you or someone could post a simple explanation how SMTP-AUTH is supposed to work (the filter process). For example, I'm not clear how /etc/tcprules.d/qmail-smtp talks to /etc/relay-ctrl-RELAY_CLIENT_CTRL

That might help us troubleshoot it.

I searched for a man page but didn't find any.

Also, any comments to my thoughts about the /var/qmail/control/me file which I mentioned in a post above?
blubbi
Guru


Joined: 27 Apr 2003
Posts: 564
Location: Halle (Saale), Germany

Posted: Sat Apr 24, 2004 9:01 pm

vcihon wrote:
Blubbi -

It might help if you or someone could post a simple explanation how SMTP-AUTH is supposed to work (the filter process). For example, I'm not clear how /etc/tcprules.d/qmail-smtp talks to /etc/relay-ctrl-RELAY_CLIENT_CTRL

That might help us troubleshoot it.

I searched for a man page but didn't find any.

Also, any comments to my thoughts about the /var/qmail/control/me file which I mentioned in a post above?


You are talking about 3 ways to deny relaying.

1.) SMTP-AUTH
2.) SMTP-AFTER-POP
3.) TCPRULES

If you have one up and running, you'll probably be satisfied.

SMTP-AUTH and SMTP-AFTER-POP are useful if you want trusted clients to relay from any IP (dial-up). TCPRULES is best to use if you have an office, and in the office the clients have static IPs, so you can allow every client with (for example 10.0.0.*) to relay. Everyone else is not allowed to relay, even if SMTP-AUTH or SMTP-AFTER-POP do allow the connection.

Maybe on Monday I'll post a little info on how SMTP-AUTH and SMTP-AFTER-POP work. (or just ask google)
_________________
-->Please add [solved] to the initial post's subject line if you feel your problem is resolved.
-->Help answer the unanswered

http://olausson.de
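The address-based relay control discussed in the posts above (the tcprules lines with RELAYCLIENT and the 10.0.0.* office case), as an added example that is not code from the howto or from any poster: a small Python evaluator that shows which client IPs a rules file lets relay and flags a catch-all rule that sets RELAYCLIENT. The sample rules, the 10.0.0. prefix and the test IPs are constructed, and only IPv4 address rules are modelled (no hostnames, ranges or TCPREMOTEINFO).

```python
import re

# Constructed sample in tcprules source syntax: localhost and an assumed
# office prefix (10.0.0.) may relay; everyone else may only connect.
SAFE = '''\
127.0.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
10.0.0.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
'''
# Same file with RELAYCLIENT on the catch-all line: the open-relay mistake.
OPEN = SAFE.replace(':allow,QMAILQUEUE', ':allow,RELAYCLIENT="",QMAILQUEUE')

def parse_rules(text):
    """Map each rule address to (action, environment dict)."""
    rules = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        address, _, rest = line.strip().partition(":")
        action, _, env_part = rest.partition(",")
        # VAR=<delim>value<delim>; the delimiter is whatever follows '='.
        env = {k: v for k, _, v in re.findall(r"(\w+)=(.)(.*?)\2", env_part)}
        rules.setdefault(address, (action, env))  # keep first rule per address
    return rules

def lookup(rules, ip):
    """IPv4-only search order: exact IP, shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    # No rule found: the connection is allowed with an unchanged environment.
    return next((rules[k] for k in keys if k in rules), ("allow", {}))

def may_relay(rules, ip):
    """qmail-smtpd skips the rcpthosts check whenever RELAYCLIENT is set."""
    action, env = lookup(rules, ip)
    return action == "allow" and "RELAYCLIENT" in env

def audit(text):
    """Return relay findings for a tcprules source file."""
    findings = []
    for address, (action, env) in parse_rules(text).items():
        if action == "allow" and "RELAYCLIENT" in env and address == "":
            findings.append("catch-all rule sets RELAYCLIENT: open relay")
    return findings

if __name__ == "__main__":
    for ip in ("127.0.0.1", "10.0.0.23", "203.0.113.9"):
        print(ip, may_relay(parse_rules(SAFE), ip), may_relay(parse_rules(OPEN), ip))
    print(audit(OPEN))
```

This models address rules only: a client that authenticates via SMTP-AUTH or pop-before-smtp gets RELAYCLIENT from that mechanism, which the evaluator does not see.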
putte
n00b


Joined: 11 Aug 2003
Posts: 8
Location: Sweden

Posted: Sun Apr 25, 2004 5:25 pm    Post subject: hi boys and girls

This is a great guide but too big!
Could it be like restarted or something with a fresh setup?

BTW sabrex thanks for writing it....
_________________
unix _IS_ userfriendly, It's only picky about its friends
All times are GMT
Page 14 of 17