LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 05-07-2005, 11:53 AM   #46
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31

/var/qmail/supervise/qmail-smtpd/run
 
Old 05-09-2005, 09:43 AM   #47
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
I have /var/qmail/bin/qmail-smtpd

but that is a file not a directory. This is so frustrating, here someone's found a way to completely solve my spam problem but I can't figure out how to implement the solution in my qmail configuration. qmail was installed and configured by our dedicated server host and i think it was configured to work with a plesk online control panel (kind of like a webmin package). any other ideas for how i can implement this spam solution?
 
Old 05-09-2005, 10:14 AM   #48
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
>> I have /var/qmail/bin/qmail-smtpd

Maybe. Check the contents. It should be a plain text file. You may want to look at the /service directory and see if you have a bunch of symlinks in there that may help you find the run file.

If your system supports the "locate" command, just do...

locate run | grep smtpd

That should get you pretty close to finding it.
 
Old 05-09-2005, 10:29 AM   #49
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
could /var/mailman/bin/qrunner be significant or is mailman a different program entirely? i still think i could possibly use the /etc/init.d/qmail file but i have no idea where i should add the spam filer line. ugh i give up. ill just keep working with spam assassin.
 
Old 05-09-2005, 10:47 AM   #50
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Bah! Dont' give up so easily. I'm sure we can work this out. mailman is unrelated.

Post your /etc/init.d/qmail file here and maybe I can help you find your run file.

Spamassassin is great, but I know you will be much happier when you start using RBLs.
 
Old 05-09-2005, 11:55 AM   #51
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
Im sorry if this is a dumb question but would posting the contents of a run file be a security threat in anyway to my system? I'm not saying I dont trust you its just im a little weary about posting contents of scripts in a public discussion board. Im not linux security expert so i just thought id ask before I post the contents of the /etc/init.d/qmail file. Thanks.
 
Old 05-09-2005, 12:42 PM   #52
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Nah... there's nothing in there that people can really use to mess with your server. The file we're talking about should be nothing but a bunch of commands that are run when the system boots. The commands being issued are not showing anything critical. Just commands that will start and stop qmail.
 
Old 05-09-2005, 01:15 PM   #53
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
Code:
#! /bin/sh
#
# This is /etc/rc.d/init.d file for Q-Mail
#
# chkconfig: 345 80 30
# description: qmail Mail Transfer Agent
# processname: qmail-send
#
#
### BEGIN INIT INFO
# Provides:       sendmail qmail
# Required-Start: $network $named $syslog $remote_fs $time
# X-UnitedLinux-Should-Start:
# Required-Stop:
# Default-Start:  3 5
# Default-Stop:
# Description:    start the qmail MTA
### END INIT INFO

# Source networking configuration.
if [ -f /etc/sysconfig/network ]; then
	. /etc/sysconfig/network

	# Check that networking is up.
	[ ${NETWORKING} = "no" ] && exit 0
fi

# Source function library.
if [ -f /etc/init.d/functions ]; then
	. /etc/init.d/functions
fi

# this way is for SuSE Linux
test -s /etc/rc.status && . /etc/rc.status && rc_reset

if ! type status >/dev/null 2>/dev/null; then
    status () {
	/sbin/pidof >/dev/null qmail-send
    }
fi

myname=qmail
qmail_dir=/var/qmail
subsys=/var/lock/subsys/$myname
PATH="$qmail_dir/bin:$PATH" 
export PATH
proccess=qmail-send

# this function is designed to emulate RedHat-like service reporting on the SuSE Linux
report_action()
{
	# $1 - text to put
	# $2 - status of operation
	case `type -t action` in
		function)
			action $"$1" $2
			;;
		*)
			rc_reset
			echo -n $"$1"
			$2
			rc_status -v
			;;
	esac
}

start() 
{
		qmail-start ./Maildir/ splogger qmail &
		sleep 1
		[ "`pidofproc $proccess`" ]
        	ret=$?
        	if [ $ret -eq 0 ]; then
        	    report_action "Starting $myname: " /bin/true
        	else
        	    report_action "Starting $myname: " /bin/false
        	fi
        	[ $ret -eq 0 ] && touch $subsys
        	return $ret
}

check_and_start()
{
	if [ ! -f $subsys ]; then
		start
	fi
}
	
stop()
{
	if [ -f $subsys ]; then
		echo -n $"Stopping $prog: " 
		killproc $proccess
		ret=$?
        	[ $ret -eq 0 ] && rm -f $subsys
        	return $ret
	else
		killall $proccess  > /dev/null 2>&1
		true
	fi
}

restart(){
    stop
    start
}

condrestart(){
    [ -e $subsys ] && restart || true
}

#reload(){
#    [ -e /var/lock/subsys/$myname ] && mysqladmin reload
#}
	
# See how we were called.
case "$1" in
  start)
    start
    ;;
  condstart)
    check_and_start
    ;;
  stop)
    stop
    ;;
  status)
    status $proccess
    ;;
  reload)
    restart
#    reload
    ;;
  restart)
    restart
    ;;
  condrestart)
    condrestart
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|reload|condrestart|restart}"
    exit 1
esac

exit $?
well there it is, ive already checked the qmail-smtpd, qmail-send and qmail-start files. theyre compiled files that i cant view in vi. hopefully this /etc/init.d/qmail file is the one i need to add the RML info. thanks again for all of your help.
 
Old 05-09-2005, 01:35 PM   #54
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Oh my god. You have some bizarre installation of qmail going here. It appears you aren't running qmail with daemontools or ucspi-tcp. You said qmail came pre-installed on this computer?? Geez, the people who set this up should be lined up and shot.

It appears that qmail is indeed located under /var/qmail. Maybe you can poke around under there somewhere and see if you can find your run file.

Try...

find /var/qmail/* -name *run*

And see what comes up. If nothing comes up, I'm afraid I may not be able to help you. You should forget what I said earlier and give up and go hide under the bed.

Seriously, if this doesn't work, you should consider getting a server with a "real" qmail install instead of this bastardized version you've been given. I recommend getting yourself a server and installing according to a howto like www.qmailrocks.org or the one in my sig.
 
Old 05-09-2005, 01:40 PM   #55
msound
Member
 
Registered: Jun 2003
Location: SoCal
Distribution: CentOS
Posts: 465

Rep: Reputation: 30
i was affraid you'd say that. well, at least i have my spam assassin. thanks again.
 
Old 05-12-2005, 03:21 PM   #56
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Earlier I mentioned I was going to stick with Sorbs. In the past week I've had a bunch of Hotmail ip addresses blocked by Sorbs. I'm no fan of Hotmail and it's no surprise that spam originates from hotmail. However, this upsets clients and it verges on unacceptable to me. Anyone else experience this?

Plan for now: whitelist them as they appear.
 
Old 10-20-2005, 02:59 AM   #57
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
hello mates,
i have found that cool how-to for debian : http://www.shupp.org/toaster/#debian
and for redhat, fedora, mandriva etc. : http://www.qmailtoaster.com

it includes some cool patches such as chkuser. it seems that works great against spams, no stupid mails in queue. "src.rpm" based installation also includes rblsmtpd check ( -r sbl.spamhaus.org ) by the default.

it might help ppl who want to install qmail with antispam features.

good luck.
 
Old 04-24-2006, 12:04 PM   #58
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
It's funny, I repeatedly bump into this thread when I am Googling for anything related to qmail and spam. Glad to see lots of people are using it. Anyway, it's been almost a year since my last post here. Thought I'd give an update.

I stopped using Sorbs because of Hotmail and Yahoo mail being blocked. I hate to alter my behaviour because of these corporate behemoths, but I have little choice. I do recognize they are in a difficult spot on this. I am now only using Spamhaus ... temporarily. Sorbs seems too aggressive and Spamhaus is not aggressive enough. I will eventually start using Sorbs again, but I need to tone it down a bit first. More on that later.

A new problem I am bumping into now is hammering of Spamhaus due delivery attempts from virus-infected machines at dynamic ip addresses. A typical scenario would be maybe 100 connections per minute from the same dynamic ip address each resulting in a query to Spamhaus from my server for the same ip address. 100 identical queries in a minute just seems a waste of resources (mine and Spamhaus'). When I was using Sorbs I didn't mind because I ran a local rsync copy of Sorbs. However, last time I checked rsync service was not available for free from Spamhaus. When I notice this happening I have been manually putting the ip address on my own local blacklist that gets checked prior to Spamhaus. This works, but it's very manual and not a very good solution.

I have a plan that will eventually solve these problems and allow me to start using Sorbs again. I have searched a bit, but have so far been unable to find any existing software and/or qmail patches, etc that exactly accomplish what I want. I think the coding is pretty simple and I will eventually do this myself. Here is my 2-step plan:

1. Capture ip addresses from positive Spamhaus queries and automatically place them on a local blacklist that gets checked prior to Spamhaus. Then run a cron job that clears or deletes this blacklist at regular intervals (every hour, 2 hours, 12 hours, whatever). This would prevent my server from needlessly querying Spamhaus when there has recently been a positive Spamhaus hit on an ip address. So, in the virus-infected scenario I described above, only the very first hit by the virus-spammer would query Spamhaus, then all remaining hits would be blocked by my local blacklist. Cycling of that blacklist would ensure that ip addresses that appear on Spamhaus and then get removed, would not be blocked by my local blacklist for long.

2. Use Sorbs for "greylisting" rather than blacklisting. I need to study up a bit more on this, but as I understand it, greylisting sends a temporary failure (temporary SMTP error 451) on the first attempt, then accepts subsequent delivery attempts. What does this accomplish? Apparently, many spamming methods will often give up after one attempt, whereas email originating at legitimate email servers will follow the standard schedule to re-deliver undelievered mail at regular intervals. So, mail from blacklisted Hotmail servers, for example, would be rejected on the first attempt, but then accepted 5 minutes later or whatever delay interval is used for the 2nd attempt.

A bit of research tells me Thomas Mangin's greylist solution may be a good place to start:

http://thomas.mangin.me.uk/software/qmail-greylist.html

I plan to implement #1 and #2 in that order in my qmail run file. Essentially, this solution is a less aggressive blacklist (Spamhaus) followed by a very aggressive greylist (Sorbs). This should allow me to take advantage of the aggressiveness of Sorbs without as many false positives. So why even bother with the blacklist? I dunno, I just like the idea of the blacklist -- if you're listed, you're out. I also suspect a greylist alone will let more spam through than my 2-step blacklist/greylist solution.

I still need to work out the details, but I will post them when I have implemented this (weeks or months maybe).

As always, comments are appreciated.

Paul
 
Old 04-24-2006, 01:12 PM   #59
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Here's what I am thinking ... rblsmtpd in its current form has the -r and the -a options (blacklist and whitelist respectively). See: http://cr.yp.to/ucspi-tcp/rblsmtpd.html . Let's add the "-g" option which will allow greylisting also in the same manner as blacklisting and whitelisting. In fact, you could even list Sorbs or Spamhaus or any other list you like after the -g option and use the list for greylisting instead of blacklisting.

I nominate Dan Bernstein to modify the code. Please get on that right away, Dan. ... ok I am joking. Ok, half joking, half not. I will take a look but I don't think I the guy to write this code, but this is what we need. Somebody, write the code ... please.
 
Old 04-24-2006, 03:55 PM   #60
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Hmmmm. I've been looking at the rblsmtpd code. I may just take a stab at modifying it to handle both parts of my plan (#1 and #2). Stay tuned.
 
  


Reply

Tags
greylist, qmail


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking SPAM in Sendmail jomy Linux - Networking 4 03-23-2005 01:19 AM
Spam assassin with qmail Rhiannon Fedora 0 05-04-2004 04:57 AM
Sendmail: blocking spam pk21 Linux - Software 1 08-21-2003 05:28 AM
filtering spam in Qmail? IceNineJon Linux - Software 2 07-05-2003 02:35 PM
blocking forum spam with snort rule? JustinHoMi Linux - Security 1 02-04-2002 05:50 PM


All times are GMT -5. The time now is 03:48 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration