You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by "alan.gerhard" <al...@gercom.com> on 2003/03/04 16:07:45 UTC
POSTMASTER account
Guys -
I learned that the POSTMASTER account is a requirement as
per RFC (thx noel) so we are required to alias everything
that goes to POSTMASTER@JamesDomain.Com to the defined
postmaster account.
My concern was that this is a simple guarantee delivery for
spammers - or is there a "law" against using the postmaster
account ??
If so, I would like to report a violation :-)
Anybody know where I can do that ??
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Re: Sendmail Buffer Overflow
Posted by Serge Knystautas <se...@lokitech.com>.
Gary L. Harris wrote:
> Is James affected by this?
> CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Yes in that more people may consider using James.
--
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Re: Sendmail Buffer Overflow
Posted by bill parducci <bi...@parducci.net>.
not directly. completely different code base.
b
Gary L. Harris wrote:
> Is James affected by this?
> CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
>
> Gary Harris
> wvinternet.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Sendmail Buffer Overflow
Posted by "Noel J. Bergman" <no...@devtech.com>.
> Is James affected by [CERT® Advisory CA-2003-07 Remote Buffer Overflow in
Sendmail]
No. There are no known exploits for James.
Furthermore, because James doesn't need root priviledges other than to
access the IANA-specified ports for the public services, a deployment can
use port forwarding to allow James to run as a non-root process. A tradeoff
is that a malicious non-root process could spoof the service (this is why
there are restrictions on port use in the first place), but that tradeoff is
managable in many situations.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Host connect issue
Posted by "Noel J. Bergman" <no...@devtech.com>.
> James - 2.0a2
v2.1.2 is the current version. No idea what problems might have existed in
v2.0a2. There were 100s of fixes and enhancements between 2.0a3 and 2.1.0
alone. I do know that some of them were related to proper handling of
permanent and temporary errors, because I made some of those changes.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Host connect issue
Posted by Shal Jain <sh...@intertechsys.com>.
OS - Win2K
James - 2.0a2
Every so often sending emails through james to the host listed below fails.
I haven't had a chance to dig through the logs (they are kinda huge) (I
have replaced the username w/ [some user] )
However, sending email through Exchange works just fine.
What should I be looking for.
-- bounce from James --
Hi. This is the James mail server at [my host name]
I'm afraid I wasn't able to deliver your message
to the following addresses.
This is a permanent error; I've given up. Sorry it
didn't work out.
[some user]@aol.com
Could not connect to SMTP host: mailin-03.mx.aol.com.,
port: 25
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Sendmail Buffer Overflow
Posted by Danny Angus <da...@apache.org>.
No.
Absoultely not.
Following the instructions here: http://james.apache.org/james_and_sendmail.html
Will show you how you can use James for outbound traffic and thereby protect yourself from this vulnerability by restricting sendmail to access by local users only, with no open ports.
d.
> -----Original Message-----
> From: Gary L. Harris [mailto:gharris@wvinternet.com]
> Sent: 04 March 2003 16:41
> To: James Users List
> Subject: Sendmail Buffer Overflow
>
>
> Is James affected by this?
> CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
>
> Gary Harris
> wvinternet.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Sendmail Buffer Overflow
Posted by "Gary L. Harris" <gh...@wvinternet.com>.
Is James affected by this?
CERT® Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Gary Harris
wvinternet.com
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Any dns change in 2.1.2?
Posted by Alan Gerhard <al...@GerCom.Com>.
~From: Randahl Fink Isaksen [mailto:randahl@rockit.dk]
....
~According to my ISP I had a DNS misconfiguration problem - something
~about an invalid MX record and more (admittedly I do not know everything
~about DNS servers).
The DNS server and James are separate - by not having the DNS properly set up
(missing MX records, etc.) will be a problem with all SMTP servers, not just
James.
Granted, a little more documentation on setting up the James DNS entry properly
...
~The way I see it, James should not even be able to
~sneeze without the hostmaster being notified. My companys e-mail
By debug logging and utilizing several mailets, you can get James to more or
less CHA with redundant repositories etc..
~delivery is on the line, so if anything is just a little shaky
~I want to know about it. But maybe I overlooked some configuration parameters
~which could improve the postmaster notification? For instance, is it
~possible to get notified if any kind of exception occurs?
This is not a bad idea - but this would depend on the system being properly set
up. I struggled almost a month trying to get the James DNS entry set up
properly - and this was primarily because I didn't know where the error was -
yep, a User Error :-)
Is there anyway you can test your installation with a third part tool ?? This
might help you see where it MIGHT be broken
Thanks,
Alan
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Any dns change in 2.1.2?
Posted by "Noel J. Bergman" <no...@devtech.com>.
If that is correct, then the postmaster should receive mail for each message
going into the error repository. There were some uncaught exceptions (now
fixed) that might have prevented that prior to ... I believe I fixed some
for v2.1.1.
--- Noel
-----Original Message-----
From: Randahl Fink Isaksen [mailto:randahl@rockit.dk]
Sent: Thursday, March 06, 2003 4:52
To: 'James Users List'
Subject: RE: Any dns change in 2.1.2?
Hi Noel
In my Error matcher I have a NotifyPostmaster processor with an attached
stack trace tag. Is that what you mean?
Thanks
Randahl
-----Original Message-----
From: Noel J. Bergman [mailto:noel@devtech.com]
Sent: 5. marts 2003 18:05
To: James Users List
Subject: RE: Any dns change in 2.1.2?
> Earlier this year I tried the exact same thing. I too have experienced
> e-mails being dumped into the error folder or even just disappearing
> without me getting a bounce or the postmaster account getting a
noticed.
Do you have the error processor configured to notify postmaster (or
user) for each error?
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Any dns change in 2.1.2?
Posted by Randahl Fink Isaksen <ra...@rockit.dk>.
Hi Noel
In my Error matcher I have a NotifyPostmaster processor with an attached
stack trace tag. Is that what you mean?
Thanks
Randahl
-----Original Message-----
From: Noel J. Bergman [mailto:noel@devtech.com]
Sent: 5. marts 2003 18:05
To: James Users List
Subject: RE: Any dns change in 2.1.2?
> Earlier this year I tried the exact same thing. I too have experienced
> e-mails being dumped into the error folder or even just disappearing
> without me getting a bounce or the postmaster account getting a
noticed.
Do you have the error processor configured to notify postmaster (or
user)
for each error?
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Any dns change in 2.1.2?
Posted by "Noel J. Bergman" <no...@devtech.com>.
> Earlier this year I tried the exact same thing. I too have experienced
> e-mails being dumped into the error folder or even just disappearing
> without me getting a bounce or the postmaster account getting a noticed.
Do you have the error processor configured to notify postmaster (or user)
for each error?
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Any dns change in 2.1.2?
Posted by Randahl Fink Isaksen <ra...@rockit.dk>.
I will really look forward to improvement on James' fault tolerance with
respect to the DNS. What Jay wrote:
> This was causing mail that I sent through James to be quietly
> dumped into the error queue, and coincidentally it couldn't even
bounce
> back to me for the same reason.
Earlier this year I tried the exact same thing. I too have experienced
e-mails being dumped into the error folder or even just disappearing
without me getting a bounce or the postmaster account getting a noticed.
According to my ISP I had a DNS misconfiguration problem - something
about an invalid MX record and more (admittedly I do not know everything
about DNS servers). The way I see it, James should not even be able to
sneeze without the hostmaster being notified. My companys e-mail
delivery is on the line, so if anything is just a little shaky I want to
know about it. But maybe I overlooked some configuration parameters
which could improve the postmaster notification? For instance, is it
possible to get notified if any kind of exception occurs?
Randahl
-----Original Message-----
From: Noel J. Bergman [mailto:noel@devtech.com]
Sent: 4. marts 2003 19:18
To: James Users List
Subject: RE: Any dns change in 2.1.2?
No. I just checked the CVS change log to be sure, and there is no
record of
any changes to the DNS software. That is planned for the next update.
--- Noel
-----Original Message-----
From: Jay Kraly [mailto:jay@perspectivesoftware.com]
Sent: Tuesday, March 04, 2003 12:47
To: James Users List
Subject: Any dns change in 2.1.2?
Were there any changes in 2.1.2 that could affect hostname resolution?
I recently upgraded from 2.1 and found that after a couple days running
james couldn't resolve a hostname which it could resolve when first
started. This was causing mail that I sent through James to be quietly
dumped into the error queue, and coincidentally it couldn't even bounce
back to me for the same reason.
-J
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: Any dns change in 2.1.2?
Posted by "Noel J. Bergman" <no...@devtech.com>.
No. I just checked the CVS change log to be sure, and there is no record of
any changes to the DNS software. That is planned for the next update.
--- Noel
-----Original Message-----
From: Jay Kraly [mailto:jay@perspectivesoftware.com]
Sent: Tuesday, March 04, 2003 12:47
To: James Users List
Subject: Any dns change in 2.1.2?
Were there any changes in 2.1.2 that could affect hostname resolution?
I recently upgraded from 2.1 and found that after a couple days running
james couldn't resolve a hostname which it could resolve when first
started. This was causing mail that I sent through James to be quietly
dumped into the error queue, and coincidentally it couldn't even bounce
back to me for the same reason.
-J
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Any dns change in 2.1.2?
Posted by Jay Kraly <ja...@perspectivesoftware.com>.
Were there any changes in 2.1.2 that could affect hostname resolution?
I recently upgraded from 2.1 and found that after a couple days running
james couldn't resolve a hostname which it could resolve when first
started. This was causing mail that I sent through James to be quietly
dumped into the error queue, and coincidentally it couldn't even bounce
back to me for the same reason.
-J
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
Re: POSTMASTER account
Posted by Serge Knystautas <se...@lokitech.com>.
alan.gerhard wrote:
> Guys -
>
> I learned that the POSTMASTER account is a requirement as
> per RFC (thx noel) so we are required to alias everything
> that goes to POSTMASTER@JamesDomain.Com to the defined
> postmaster account.
>
> My concern was that this is a simple guarantee delivery for
> spammers - or is there a "law" against using the postmaster
> account ??
>
> If so, I would like to report a violation :-)
>
> Anybody know where I can do that ??
Nothing special... notify the ISP, notify the mail server's postmaster
(also maybe abuse@), possibly notify blacklists. Not much else you can do.
--
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
RE: POSTMASTER account
Posted by "Noel J. Bergman" <no...@devtech.com>.
Alan,
The only laws covering spam are the paucity of laws covering spam.
Role-based accounts are not separately governed.
The www.rfc-ignorant.org site that I referred you to earlier discusses a
number of these issues in general. Their comment regarding spam blocking
for postmaster@ is:
After careful consideration, there seemed to be a consensus
among users that use of blacklists, etc., did not meet the
"narrowly tailored" requirements for blocking mail to
postmaster, but that it would be undesirable to list sites
simply for employing the MAPS RBL and such on their
postmaster address. It was decided that we wouldn't list
folks if the rejection message for postmaster seemed to
indicate the reason for denial ("{ip} rejected as listed on
the MAPS RBL", etc.)
Basically, spam sucks, but the postmaster role account has an obligation
because of the requirement to service the e-mail infrastructure. For James
v3, there has been some discussion of blocking policies that balance the
issues.
--- Noel
-----Original Message-----
From: alan.gerhard@gercom.com [mailto:alan.gerhard@gercom.com]
Sent: Tuesday, March 04, 2003 10:08
To: James Users List
Subject: POSTMASTER account
Guys -
I learned that the POSTMASTER account is a requirement as
per RFC (thx noel) so we are required to alias everything
that goes to POSTMASTER@JamesDomain.Com to the defined
postmaster account.
My concern was that this is a simple guarantee delivery for
spammers - or is there a "law" against using the postmaster
account ??
If so, I would like to report a violation :-)
Anybody know where I can do that ??
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org