View previous topic :: View next topic |
Author |
Message |
slim n00b

Joined: 25 Dec 2002 Posts: 5 Location: Texas
|
Posted: Sun Sep 12, 2004 9:39 pm Post subject: New perl and qmail-scanner ebuilds |
|
|
Anyone have feedback on qmail-scanner-1.23-r3 with perl-5.8.4-r1?
I foolishly emerged perl-5.8.4-r1 without reading the change log close enough, and I can confirm that's a really bad idea. It broke qmail-scanner since /usr/bin/suidperl has been removed. Now that I've downgraded back to 5.8.4, I'm sitting here reflecting on the error of my ways. I don't think I'll have a chance to test on that server for 2 weeks, so maybe someone could test the new combo and post the results. |
|
Back to top |
|
 |
radulucian Apprentice


Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Mon Sep 13, 2004 12:23 am Post subject: |
|
|
same situation and same problem here.
i am now downgrading perl and libperl too, since i cannot afford to test it further with my mail server practically down.
if anyone has a chance to solve it in a reasonable manner please post your conclusions and you fix here. |
|
Back to top |
|
 |
radulucian Apprentice


Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Mon Sep 13, 2004 1:17 am Post subject: |
|
|
also, i now see that
Code: |
emerge /usr/portage/dev-perl/Mail-SpamAssassin/Mail-SpamAssassin-2.63.ebuild
|
from the original post by sabrex can no longer work since Mail-SpamAssassin was completely removed from portage and replaced by spamassassin which is configured a little bit different
also, even after downgrading perl, my installation is now really messed up (though it is working, but only after disabling clamd), so maybe someone who can test it thoroughly can repost the tutorial in an updated form. |
|
Back to top |
|
 |
catalinux n00b


Joined: 30 Aug 2004 Posts: 10
|
Posted: Mon Sep 13, 2004 6:12 am Post subject: Re: another good patch javascript:emoticon(':D')validrcptto |
|
|
petterg wrote: |
And your point is?
There's quite a few nice patches in the r15, but none of them does the job of chkusr patch, which will save the server quite a bit of load in case of spammails to [random chars]@domain.net. To bad it makes a conflict with the smtp-auth over tsl!
The magic-smtpd seems to be even better on stopping spam before arrival, but I haven't figured out the correct way to install it. |
thid patch is a kind of generic chkusr patch ( i need that 'cause i do not use vpopmail , i use vmailmgr)
ideea is -populate /control/validrcptto with user mail adresses on your server and qmail-smtpd wiill check against this file rcptto from header-BEFORE DATA being sent in SMTP session |
|
Back to top |
|
 |
petterg Guru

Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Mon Sep 13, 2004 11:07 am Post subject: Re: another good patch javascript:emoticon(':D')validrcptto |
|
|
catalinux wrote: | ideea is -populate /control/validrcptto with user mail adresses on your server and qmail-smtpd wiill check against this file rcptto from header-BEFORE DATA being sent in SMTP session |
Would be good if vpopmail would add/remove users in that file when users are added/remomed using the the vadduser vdeluser. Allthough it could be done by a script... how would we get around to make qmailadmin work with this?
Guess vmailmgr already does this? |
|
Back to top |
|
 |
petterg Guru

Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Mon Sep 13, 2004 11:13 am Post subject: Re: New perl and qmail-scanner ebuilds |
|
|
A question for those of you who are using qmail-scanner 1.23:
How is it working?
I tried it, with the result that incomming mail carying a header "X-Spam-Status:No..." passed unchecked through the scanner. This also happened if it carryed virus!
Also, random mails came through unchecked!
Are you experiencing any of these problemes?
How did you set it up?
If you're running with clamav, are you running clamd as the clamav, qscand or vpopmail user? |
|
Back to top |
|
 |
stripe n00b


Joined: 04 Jan 2004 Posts: 72 Location: Prague
|
Posted: Tue Sep 14, 2004 6:25 pm Post subject: |
|
|
well I made it to work, but I think it is bug as a cow...
I use:
perl-5.8.4-r1
qmail-1.03-r13
qmail-scanner-1.23-r3
spamassassin-2.64
so after doing emerge -u world and restarting the daemons I noticed that the mailserver stopped to send the emails with some "qq problem"
after half a day tracing the log files, I figured how to run out from that and here are my issues:
a) UID+GID qscand, under which is supposed qmail-scanner to run, is absolutely useless and misleading. qmailscanner runs still under qmaild, so you have to set back again the dir and file permissions recursively, typically by:
Code: |
chown qmaild:nofiles -R /var/spool/qmailscan
|
b) in qmail-scanner 1.23 is implementation of checking the Razor, Pyzor, F-Prot. Clavam, etc, solved somehow different, so without update won´t it to run. so you have to reinitialise the database by:
Code: |
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue -g
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue -z
|
EDIT ON MY PREVIOUS POST, READ THE CHANGES BELLOW!
c) qmail-scanner is reinitialising it´s database within the cron job. however this cronjob from qmail-scanner 1.16 sets UID+GID to root of file /var/spool/qmail-scanner-queue-version.txt with 0700 mask, which causes qmail-scanner of 1.23 version from ability to read the file and again rejects to send the mails.
you have to find /etc/cron.daily/qmail-scanner, edit and change the content:
from:
Code: |
/var/qmail/bin/qmail-scanner-queue -z
|
to:
Code: |
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue -z
|
now everything is doing just fine.... _________________ Sick of computers? Well, Czech girls and beer solve it! Trust me 
Last edited by stripe on Wed Sep 22, 2004 4:29 pm; edited 6 times in total |
|
Back to top |
|
 |
radulucian Apprentice


Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Tue Sep 14, 2004 7:59 pm Post subject: thanks stripe |
|
|
thank you stripe.
tonight i will try the procedures you described on both my servers and check back here to confirm. |
|
Back to top |
|
 |
stripe n00b


Joined: 04 Jan 2004 Posts: 72 Location: Prague
|
Posted: Tue Sep 14, 2004 8:20 pm Post subject: |
|
|
ok, try it.... If you´ll be successful, I´m gonna to write a bug report about qmail-scanner-1.23-r3.ebuild thus I really don´t have an idea why would be qmail-scanner run as qsand, when in fact is called by qmaild and therefore must be accessible for qmaild _________________ Sick of computers? Well, Czech girls and beer solve it! Trust me 
Last edited by stripe on Wed Sep 15, 2004 12:41 am; edited 1 time in total |
|
Back to top |
|
 |
radulucian Apprentice


Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
|
Back to top |
|
 |
stripe n00b


Joined: 04 Jan 2004 Posts: 72 Location: Prague
|
Posted: Tue Sep 14, 2004 11:47 pm Post subject: |
|
|
Code: |
Get rid of
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
from /etc/tcp.smtp, Watch the add! It's not ".pl" anymore |
I had this already in my config, but the problems with ebuild of qmail-scanner 1.23-r3 I had to solve:
a) chowns whole directory /var/spool/qmailscan to qscand without noticing you about that.
b1) setting wrapper in /var/qmail/conf/common-conf is not issue, if qmail scanner cannot work with it´s directory, when called under qmaild
b2) the same situation fixing tcp.smtp and eding the .PL issue
c) you have to chown whole directory back again
d) if it works finaly, in the night (on my box aprox. at 3AM) will qmail-scanner reinitialise database, but with bad UID+GID and mask 0700, so you are back again where you´ve been. so you have to finaly edit /etc/cron.daily/qmail-scanner
.....simply utopia.....
and one day of SMTP malfunction
I THINK IT IS SOLVED NOW, just do the things in my little howto above and you can go to sleep peacefuly without waking up by nervous users, like me.....  _________________ Sick of computers? Well, Czech girls and beer solve it! Trust me  |
|
Back to top |
|
 |
tecknojunky Veteran


Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
|
Posted: Wed Sep 15, 2004 5:17 am Post subject: |
|
|
I have a server to rebuild. I think I'm finally going to give Debian a try.
This is the second time I do an update that creates major problems for the whole network (in this case, no email server).
You got to admit, Gentoo as a long way to go to make it into enterprises. I don't know which of the Perl or qmail-scanner maintainers is to blame, but someone did not do his job properly for allowing them to reach stable status together.
I had enough and I'm now seriously thinking to use a REAL distro, not one made by script kiddies.
PS. I may sound crude and harsh? You think I should apologize? In your dreams. I don't appreciate the pressures I get because I relied on the works made by amateurs and incompetents, so let me get some steam out. _________________ (7 of 9) Installing star-trek/species-8.4.7.2::talax. |
|
Back to top |
|
 |
radulucian Apprentice


Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Wed Sep 15, 2004 8:52 am Post subject: |
|
|
techknojunky, i am a little embarassed by your message. you should be too as you came out of nowhere on this thread to criticize a distribution you are not able to understand even after more than 900 posts on these forums.
you should proceed to work for your new debian server and stop poluting forum threads with off-topic messages.
the reason i am using (and i will keep use) gentoo is exactly the fact that this forum helps me solve things EVERY SINGLE TIME i have a minor problem like this one. and i wish you good luck in getting the same prompt response with you next distribution.
and remember: we are very fortunate to be able to choose among this many excelent distributions, so you should be happy every time you are able to make such a choice.
best regards.
radu |
|
Back to top |
|
 |
stripe n00b


Joined: 04 Jan 2004 Posts: 72 Location: Prague
|
Posted: Wed Sep 15, 2004 9:42 am Post subject: |
|
|
offtopic: agreed, I used Slackware 8.1 in the past and it used to work well from installation without much changes. any other software compilaton which was not included on CD was breaknecking and without much possibility to upgrade the package. anyway package upgrade was much rather hell, then a peaceful operation. plus the init scripts, resp. rc. scripts are the piece of disgust..... if I striked to a problem, I was completely helpless. I don´ know what is Slack 10 about now, but you can visit it´s homesite to confirm it´s "support".
so that´she reason I moved from Slackware and I´m happy with Gentoo since that time. OK sometime it´s released a breaknecking ebuild, but therefore you have this forums you can turn around. That´s the point.
PS: thanks this forums and structure of Gentoo I think I have understood linux to the level I can friendly go with and therefore I can do proudly my job, eg. I´m able to satisfy what really the company I work wishes .... _________________ Sick of computers? Well, Czech girls and beer solve it! Trust me  |
|
Back to top |
|
 |
tecknojunky Veteran


Joined: 19 Oct 2002 Posts: 1937 Location: Montréal
|
Posted: Wed Sep 15, 2004 10:29 am Post subject: |
|
|
radulucian wrote: | techknojunky, i am a little embarassed by your message. you should be too as you came out of nowhere on this thread to criticize a distribution you are not able to understand even after more than 900 posts on these forums. | When you get there, maybe you too you'll want to let some steam out when a "minor mistake" affect everybody (like Perl and qmail-scanners that don't play well with each others).
radulucian wrote: | you should proceed to work for your new debian server and stop poluting forum threads with off-topic messages. | Well, I'm not that off topic. I've found this because qmail-scanner now has permissions problems for which you provided two links. I will admit that I did fall in like a hair in a soup. I apologize for that.
My post polution? And threads like this one with 24 zillions of posts is not polution? You never noticed that when you search something, the first few results are always the ones that have gazillions of posts in it. Some get so big that they must be close to enclose every words of the dictionnary. No wonder it ends up in your search result.
radulucian wrote: | the reason i am using (and i will keep use) gentoo is exactly the fact that this forum helps me solve things EVERY SINGLE TIME i have a minor problem like this one. and i wish you good luck in getting the same prompt response with you next distribution. | Thank god, you can also rant on the forums. I heard Debian also has a good support base. I personally think that the forum, however useful it might be, is no excuse to bad implemented or insuffisiently tested releases of ebuilds. Sure, you can sometime forget things, but it should happen in the unstable stage, not during stable, and surely not produce massive demand for support.
radulucian wrote: | and remember: we are very fortunate to be able to choose among this many excelent distributions, so you should be happy every time you are able to make such a choice. | and that's why when someone among the Gentoo maintainers does a poor job, I get hangry because I expect a minimal decent QA. stable/unstable is not there to qualify the soldity of the desk the computer is on. My point is, I love Gentoo but I question the release process to ensure things work properly.
If you look at qmail-scanner's ebuild, notice that 1.23-r3 is marked stable while 1.23-r2 is marked unstable. It's the first I notice that and it would not surprise me if someone made the mistake of marking the r3 stable while it should have been unstable. That would be a dumb mistake that can have huge repercussions for some users.
Thanks for this. _________________ (7 of 9) Installing star-trek/species-8.4.7.2::talax. |
|
Back to top |
|
 |
defined n00b

Joined: 24 Apr 2004 Posts: 2 Location: Belgium
|
Posted: Thu Sep 16, 2004 3:01 am Post subject: |
|
|
i can only agree, after spending 4hours figuring out how to get my mailserver back up(had been down for almost a day before i found out )
debian never let me down during upgrades in the stable branch AND it was much smarter dealing with config files.. |
|
Back to top |
|
 |
petterg Guru

Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Fri Sep 17, 2004 11:17 am Post subject: |
|
|
defined wrote: | ....debian never let me down during upgrades in the stable branch... |
As the topic for this thread has been Qmail-Scanner 1.23 I assume your bitching is somewhat related to upgrading to this package.
Iæll just remind you that this package is masked by the ~keyword. That means it's not yet stable! It's not fear to the guys who make the ebuilds to bitch their newest unstable releases and compare to stable releases from other distros!
If you want to be bitchy at least you could start you own thread and stick to the stable releases! |
|
Back to top |
|
 |
nianderson Guru

Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Fri Sep 17, 2004 11:15 pm Post subject: |
|
|
If i had a large group of users relying on a mail server I was maintaining I would have an identical one that is used for uprage testing. regardless of what OS its running things sometimes break. So it sounds more like your mistake than the maintainers. Yeah i get frustrated when i make the same mistake ( i have before and im sure i will again) seriously go install xp sp2 something breaks you cus microsoft things break its inevitable the only thing you can do is to be a smart admin and run identical boxen when there are critical services envolved.
that said. im on a fresh install i hope all the answers are here  |
|
Back to top |
|
 |
nianderson Guru

Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Sep 18, 2004 8:33 pm Post subject: |
|
|
I had to echo "hostname.domain.tld" > /var/qmail/control/me to be able to send mail |
|
Back to top |
|
 |
nianderson Guru

Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Sep 18, 2004 8:38 pm Post subject: |
|
|
I ran /usr/portage/distfiles/qmail-scanner-1.16/contrib/test_instal -doit after adding RECIP="me@mydomain.com" on line 94 and I got 3 of the 4 test messages
someone want to help me tune this up? and figure out whats up?
l |
|
Back to top |
|
 |
nianderson Guru

Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Sep 18, 2004 10:02 pm Post subject: |
|
|
stripe wrote: |
b) in qmail-scanner 1.23 is implementation of checking the Razor, Pyzor, F-Prot. Clavam, etc, solved somehow different, so without update won´t it to run. so you have to reinitialise the database by:
Code: |
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue-pl -g
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue-pl -z
|
EDIT ON MY PREVIOUS POST, READ THE CHANGES BELLOW!
c) qmail-scanner is reinitialising it´s database within the cron job. however this cronjob from qmail-scanner 1.16 sets UID+GID to root of file /var/spool/qmail-scanner-queue-version.txt with 0700 mask, which causes qmail-scanner of 1.23 version from ability to read the file and again rejects to send the mails.
you have to find /etc/cron.daily/qmail-scanner, edit and change the content:
from:
Code: |
/var/qmail/bin/qmail-scanner-queue-pl -z
|
to:
Code: |
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue-pl -z
|
now everything is doing just fine.... |
when i do setuidgid qmaild /var/qmail/bin/qmail-scanner-queue-pl -g i get
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue-pl -z
setuidgid: fatal: unable to run /var/qmail/bin/qmail-scanner-queue-pl: file does not exist
also in your tcp.smtp do you have qmail-scanner.pl or qmail-scanner? i see both files exist and hear the at qmail-scanner is supposed to eb a wrapper for qmail-scanner.pl |
|
Back to top |
|
 |
radulucian Apprentice


Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Sat Sep 18, 2004 11:19 pm Post subject: |
|
|
there is a typo there. if you use the setuidgid solution then you should change the qmail-scanner-queue-pl to qmail-scanner-queue.pl. the difference is the .pl instead of -pl at the end.
however, i am using the qmail-scanner-queue wrapper (in both tcp.smtp and the conf file) and it works ok. |
|
Back to top |
|
 |
sucarino n00b


Joined: 20 Aug 2004 Posts: 32 Location: San Jose, Costa Rica
|
Posted: Sat Sep 18, 2004 11:22 pm Post subject: everything working fine, except minor smtp-auth problem |
|
|
people!
after several headaches and a few tricks you correctly explain here I finally have a well robusted mail server
i'm just now a little afraid of next updates, i read your former posts....
but i still need your help... i have a minor problem here. Everytime a tried to smtp-auth from an external network, the mail client delay exactly 5 seconds to auth and then the message is accepted and sended. This is what i have in my mail.log files everytime i tried:
Sep 18 18:11:24 mail vpopmail[2479]: vchkpw-smtp: password fail fredo@hold***.com:***.**.61.171
Sep 18 18:11:29 mail vpopmail[2481]: vchkpw-smtp: (PLAIN) login success fredo@hold***.com:***.**.61.171
Sep 18 18:11:48 mail vpopmail[2479]: vchkpw-smtp: password fail fredo@hold***.com:***.**.61.171
Sep 18 18:11:53 mail vpopmail[2481]: vchkpw-smtp: (PLAIN) login success fredo@hold***.com:***.**.61.171
other thing, smtp-auth accept my e-mails using TLS or not. so is letting me authenticate even when the session is not encrypted.
Is that correct? Any ideas?
thanx
Frodo |
|
Back to top |
|
 |
nianderson Guru

Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Sat Sep 18, 2004 11:57 pm Post subject: |
|
|
radulucian wrote: | there is a typo there. if you use the setuidgid solution then you should change the qmail-scanner-queue-pl to qmail-scanner-queue.pl. the difference is the .pl instead of -pl at the end.
however, i am using the qmail-scanner-queue wrapper (in both tcp.smtp and the conf file) and it works ok. |
which conf file?
and to clarify for anyone else if you use the wrapper script qmail-scanner-queue then you need to do the following
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -z
and in the cron file add
setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -z
and does anyone know if
Code: |
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -r sbl-xbl.spamhaus.org"
|
turns on checking from spamhaus? or how would i be able to tell?
if im wrong someone please correct me.
what happens when you run the test_install.sh script? |
|
Back to top |
|
 |
stripe n00b


Joined: 04 Jan 2004 Posts: 72 Location: Prague
|
Posted: Sun Sep 19, 2004 10:16 am Post subject: |
|
|
My apologies, there is type mistake, of course it is qmail-scanner-queue.pl.
The wrapper works too, but anyway setgiduid within cron job (at least for me) must be used, anyway the file qmail-scanner-queue-version.txt is made with mask 0600 and root:root permissions which causes qmail from the work. _________________ Sick of computers? Well, Czech girls and beer solve it! Trust me  |
|
Back to top |
|
 |
|