Mailing List Archive

tcpserver -p (paranoid) settings
i've recently switched my qmail-smtpd/run script to this:

#exec /usr/local/bin/softlimit -m 100000000 \
# /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
# -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
# /usr/local/bin/rblsmtpd -b \
# -r zen.spamhaus.org \
# -r bl.spamcop.net \
# /var/qmail/bin/qmail-smtpd mail.icapsolutions.com \
# /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

exec /usr/local/bin/softlimit -m 100000000 \
/usr/local/bin/tcpserver -v -p -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b \
-r zen.spamhaus.org \
-r bl.spamcop.net \
/var/qmail/bin/qmail-smtpd mail.icapsolutions.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

i also have this in etc/tcp.smtpd:

127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.101.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
=:allow
:allow,RBLSMTPD="-You have a reverse DNS problem, contact us here http://www.icapsolutions.com/contact"


before the change to qmail-smtpd/run script (with the #'s) it was
working with no issues. with the minor change for "-p", now when i
create a mail and hit "send", i get a good 15 to 20 second delay. the
mail goes out but with that long delay. i got the above changes from here:
http://www.chrishardie.com/qmail-anti-spam-howto/#sysoption2

am i missing something?

kirk
Re: tcpserver -p (paranoid) settings
Hi Kirk

you are missing the '-R' option:

-R Do not attempt to obtain $TCPREMOTEINFO from the remote host. To
avoid loops, you must use this option for servers on TCP ports
53 and 113.

regards.
--eh.

PS: This is not a minor change.


On 22.05.2012 at 23:08, kirk wrote:

> i've recently switched my qmail-smtpd/run script to this:
>
> #exec /usr/local/bin/softlimit -m 100000000 \
> # /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
> # -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
> # /usr/local/bin/rblsmtpd -b \
> # -r zen.spamhaus.org \
> # -r bl.spamcop.net \
> # /var/qmail/bin/qmail-smtpd mail.icapsolutions.com \
> # /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
>
> exec /usr/local/bin/softlimit -m 100000000 \
> /usr/local/bin/tcpserver -v -p -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
> /usr/local/bin/rblsmtpd -b \
> -r zen.spamhaus.org \
> -r bl.spamcop.net \
> /var/qmail/bin/qmail-smtpd mail.icapsolutions.com \
> /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
>
> i also have this in etc/tcp.smtpd:
>
> 127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
> 192.168.101.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
> 192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
> =:allow
> :allow,RBLSMTPD="-You have a reverse DNS problem, contact us here http://www.icapsolutions.com/contact"
>
>
> before the change to qmail-smtpd/run script (with the #'s) it was working with no issues. with the minor change for "-p", now when i create a mail and hit "send", i get a good 15 to 20 second delay. the mail goes out but with that long delay. i got the above changes from here:
> http://www.chrishardie.com/qmail-anti-spam-howto/#sysoption2
>
> am i missing something?
>
> kirk

--
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE
Re: tcpserver -p (paranoid) settings
Thus said kirk on Tue, 22 May 2012 14:08:07 PDT:

> am i missing something?

Your firewall is misconfigured. It should reject connections to port
113, and not drop them (or allow them so that the IP stack in your
computer can send a connection refused). When you use -v, tcpserver will
attempt to do IDENT lookups, and any firewall that drops packets to port
113, instead of rejecting them, will cause a 26 second delay. You can
adjust the timeout using -t (the default is 26 seconds).

By the way, there are other benefits to having the IDENT lookup enabled.
It introduces a delay and many spammers will drop the connection if the
banner takes too long to come up---the banner won't come up until
tcpserver has gathered its information.

Andy
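
The drop-versus-reject difference described in the reply above can be checked from the mail server by timing one TCP connect to a client's port 113. This is an added example, not code from the thread or from ucspi-tcp; probe_ident, report and the verdict names are made up for illustration, and the 26-second default is the figure quoted above.

```python
"""Classify how a client's network treats IDENT (TCP 113) connections."""
import socket
import sys
import time

IDENT_PORT = 113
DEFAULT_TIMEOUT = 26  # seconds; the tcpserver -t default quoted in the thread

# What each verdict means for a tcpserver that performs IDENT lookups.
IMPACT = {
    "open": "an IDENT service accepted the connection",
    "rejected": "connection refused at once; the lookup fails fast, no delay",
    "dropped": "no reply before the timeout; each SMTP session stalls",
    "error": "could not test (routing or resolver problem)",
}


def probe_ident(host, port=IDENT_PORT, timeout=DEFAULT_TIMEOUT):
    """Return (verdict, elapsed_seconds) for one TCP connect attempt."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            verdict = "open"
    except ConnectionRefusedError:
        verdict = "rejected"      # RST or ICMP port-unreachable came back
    except socket.timeout:
        verdict = "dropped"       # packets silently discarded on the path
    except OSError:
        verdict = "error"         # unreachable network, bad hostname, etc.
    return verdict, time.monotonic() - start


def report(host, port=IDENT_PORT, timeout=DEFAULT_TIMEOUT):
    """Probe once and return a one-line summary for the operator."""
    verdict, elapsed = probe_ident(host, port, timeout)
    return f"{host}:{port} {verdict} after {elapsed:.1f}s: {IMPACT[verdict]}"


if __name__ == "__main__":
    # Usage: python3 probe_ident.py <client-ip> [timeout-seconds]
    if len(sys.argv) < 2:
        sys.exit("usage: probe_ident.py <client-ip> [timeout-seconds]")
    limit = float(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_TIMEOUT
    print(report(sys.argv[1], timeout=limit))
```

A "dropped" verdict whose elapsed time matches the delay seen when sending mail points at the firewall in front of that client rather than at qmail.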