Who is moving my mail :( Redhat with IMAP

[Need4Speed]

running redhat 7.3 with fetchmail, sendmail, procmail and IMAP. I've noticed that my mail gets moved from /var/spool/mail/username to /home/username/mbox.

Which process is doing this? IMAPd? procmail? or Pine? Everything is installed as default. It's not a real problem when i use pine locally on the mail server, but when i check mail with my windows box. The IMAP inbox appears to be empty. If i subscribe to mbox, its fine...but that seems like a bandaid. So how do I keep my mail in /var/spool/mail? and when is the mbox file actually created? is it created by the 'mail' process?

TIA

 

[MrGrim]

Originally posted by: Need4Speed
Who is moving my mail 🙁

Sorry, won't happen again.

 

[rahvin]

You shouldn't be reading mail off the spool man. The spool is for delivery to your USER mbox. Sendmail is likely the one moving it to the proper location but I don't know for sure because sendmail is a piece of sh!t. 🙂 Use qmail.

 

[Nothinman]

My first guess would pine since I have a nearly exact setup as you and I don't have your problem.

I have sendmail, wu-imapd and procmail all working fine and my INBOX folder is the /var/spool/mail/username just as expected.

Sendmail is likely the one moving it to the proper location but I don't know for sure because sendmail is a piece of sh!t.

Sorry, wrong on both counts.

 

[rahvin]

Ok disregard my comments. Like I said I don't know sendmail at all because I don't use it. The spool is a sym link under my setup.

But I'm not wrong on sendmail being a piece of sh!t. It is, and a vulnerable on at that. 😉

 

[Nothinman]

But I'm not wrong on sendmail being a piece of sh!t. It is, and a vulnerable on at that

I've been running it for years, it works just great out of the [Debian] box and I've never been compromised. Qmail isn't FSF Free software and I couldn't get Postfix to accept mail for username@hostname where hostname resolves to the same IP as the box it's running on, but isn't the same as the boxes configured hostname.

 

[rahvin]

Originally posted by: Nothinman

But I'm not wrong on sendmail being a piece of sh!t. It is, and a vulnerable on at that

I've been running it for years, it works just great out of the [Debian] box and I've never been compromised. Qmail isn't FSF Free software and I couldn't get Postfix to accept mail for username@hostname where hostname resolves to the same IP as the box it's running on, but isn't the same as the boxes configured hostname.

Don't forget that knock on wood when you say it. 🙂 Qmail isn't free software. I know that. But it is secure and I don't have to worry about patching it every month. Although like you said, it doesn't work right with third party programs like Postfix, although I think if you look there are some source code patches to impliment the hooks necessary to get those third party programs working correctly.

 

[Nothinman]

Maybe I'm missing something, but there hasn't been a remote exploit for sendmail in a very long time. All the semi-recent advisories I see need a local account.

I'm not ruling out the discovery of a problem, but I do think sendmail has a semi-undeserved bad reputation.

 

[n0cmonkey]

Originally posted by: rahvin

Originally posted by: Nothinman

But I'm not wrong on sendmail being a piece of sh!t. It is, and a vulnerable on at that

I've been running it for years, it works just great out of the [Debian] box and I've never been compromised. Qmail isn't FSF Free software and I couldn't get Postfix to accept mail for username@hostname where hostname resolves to the same IP as the box it's running on, but isn't the same as the boxes configured hostname.

Don't forget that knock on wood when you say it. 🙂 Qmail isn't free software. I know that. But it is secure and I don't have to worry about patching it every month. Although like you said, it doesn't work right with third party programs like Postfix, although I think if you look there are some source code patches to impliment the hooks necessary to get those third party programs working correctly.

How did you setup your OS limits? I found very little documentation on this for OpenBSD and didnt feel comfortable messing with them myself on the machine I had qmail installed on. Im just wondering what kind of limits you setup to prevent qmail DoSing you 🙂

 

[n0cmonkey]

Originally posted by: Nothinman
Maybe I'm missing something, but there hasn't been a remote exploit for sendmail in a very long time. All the semi-recent advisories I see need a local account.

I'm not ruling out the discovery of a problem, but I do think sendmail has a semi-undeserved bad reputation.

It definitely deserves the "use with extreme caution" reputation in my book.

 

[Nothinman]

It definitely deserves the "use with extreme caution" reputation in my book.

If postfix would have worked the way I wanted it to easily I would have used it, but it didn't so sendmail went back on.

 

[n0cmonkey]

Originally posted by: Nothinman

It definitely deserves the "use with extreme caution" reputation in my book.

If postfix would have worked the way I wanted it to easily I would have used it, but it didn't so sendmail went back on.

But you probably secured it as best as you could. I still use it on a couple of systems... Or atleast I did, hard drive died on one...

 

[rahvin]

Originally posted by: n0cmonkey

Originally posted by: rahvin

Originally posted by: Nothinman

But I'm not wrong on sendmail being a piece of sh!t. It is, and a vulnerable on at that

I've been running it for years, it works just great out of the [Debian] box and I've never been compromised. Qmail isn't FSF Free software and I couldn't get Postfix to accept mail for username@hostname where hostname resolves to the same IP as the box it's running on, but isn't the same as the boxes configured hostname.

Don't forget that knock on wood when you say it. 🙂 Qmail isn't free software. I know that. But it is secure and I don't have to worry about patching it every month. Although like you said, it doesn't work right with third party programs like Postfix, although I think if you look there are some source code patches to impliment the hooks necessary to get those third party programs working correctly.

How did you setup your OS limits? I found very little documentation on this for OpenBSD and didnt feel comfortable messing with them myself on the machine I had qmail installed on. Im just wondering what kind of limits you setup to prevent qmail DoSing you 🙂

I'm not sure what you mean by OS limits. You'll have to excuse my ignorance on this point, I'm not familiar with the lingo enough because I don't use Linux as anything but a server OS. I'm not sure if you are talking about bouncing, or how the daemons are setup to run or something else.

I use maildir per his recomendation even though there isn't enough mail traffic to warrant it. I setup the scripts to run the daemons per his instructions (and downright instance), use a script to start it that was included in an RPM I found. (I use redhat) I installed his other applications he insisted be installed like the blackhole. All mail is configured to bounce at most 3 times before it goes to the postmaster. It doesn't relay by default. Ummm, can't think of anything else but I set it up 2 years ago.

 

[Need4Speed]

thanks for all the feedback...

here is what i found:

IMAPd is what moves the mail (Sendmail is nothing more than the MTA and procmail is the LDA) from spool to mbox under normal conditions EXCEPT redhat. in the redhat rpm the "use mbox driver" has been disabled...thus the mail stays in spool as Nothinman said. So why did mine move? well its the trusty 'mail' command. It originally was part of my shell startup to notify my of new mail...but as soon as 'mail' reads the spool dir, it moves the mail to mbox. One way to stop it, is to rm the mbox file....

for a more in depth look...check it out here

 

[n0cmonkey]

Originally posted by: rahvin

Originally posted by: n0cmonkey

Originally posted by: rahvin

Originally posted by: Nothinman

But I'm not wrong on sendmail being a piece of sh!t. It is, and a vulnerable on at that

I've been running it for years, it works just great out of the [Debian] box and I've never been compromised. Qmail isn't FSF Free software and I couldn't get Postfix to accept mail for username@hostname where hostname resolves to the same IP as the box it's running on, but isn't the same as the boxes configured hostname.

Don't forget that knock on wood when you say it. 🙂 Qmail isn't free software. I know that. But it is secure and I don't have to worry about patching it every month. Although like you said, it doesn't work right with third party programs like Postfix, although I think if you look there are some source code patches to impliment the hooks necessary to get those third party programs working correctly.

How did you setup your OS limits? I found very little documentation on this for OpenBSD and didnt feel comfortable messing with them myself on the machine I had qmail installed on. Im just wondering what kind of limits you setup to prevent qmail DoSing you 🙂

I'm not sure what you mean by OS limits. You'll have to excuse my ignorance on this point, I'm not familiar with the lingo enough because I don't use Linux as anything but a server OS. I'm not sure if you are talking about bouncing, or how the daemons are setup to run or something else.

I use maildir per his recomendation even though there isn't enough mail traffic to warrant it. I setup the scripts to run the daemons per his instructions (and downright instance), use a script to start it that was included in an RPM I found. (I use redhat) I installed his other applications he insisted be installed like the blackhole. All mail is configured to bounce at most 3 times before it goes to the postmaster. It doesn't relay by default. Ummm, can't think of anything else but I set it up 2 years ago.

cpu, memory and disk space limits.

 

[Sunner]

Im gonna have to join the "Sendmail is a POS" crowd.

For oen thing, it's less than stellar trackrecord, and secondly, it's a PITA to setup properly.

Granted, it was a while since I setup a box wuith sendmail, but at that time, I had a hugeass book from O'Reilly to help me out, and it still wasn't too easy to figure out.
I suppose if you install a box every now and then, you get a feeling for it, but I've done it like 3 times, and every time I spent some time cursing.

 

[Nothinman]

Granted, it was a while since I setup a box wuith sendmail, but at that time, I had a hugeass book from O'Reilly to help me out, and it still wasn't too easy to figure out.

Most of the sendmail mystery comes from all the macros in the config file, it's a fairly simple setup if you can remember all the variable/macro meanings.

I suppose if you install a box every now and then, you get a feeling for it, but I've done it like 3 times, and every time I spent some time cursing.

The Debian defaults just work, I had to spend a little time setting it up for my network but nothing major.

 

[rahvin]

cpu, memory and disk space limits.

I didn't bother with that. To be honest I still don't understand how to properly chroot a program let alone put limits on it. I really like the way qmail runs. It has a seperate program for each step of mail delivery. The main program, the one running suid doesn't actually do anything other than launch the other daemons and negotiate access to resources they can't access without root privledge. Its one of the reason I feel that if an exploit was ever discovered in qmail it would never amount to anything that could result in a root exploit.

But as I said I haven't limited qmail, from what I've seen of the processes they tend to sit idle unless they are actively processing email and email is processes as soon as it hits the queue.

Hotmail used to run on BSD/qmail.

 

[n0cmonkey]

Originally posted by: rahvin

cpu, memory and disk space limits.

I didn't bother with that. To be honest I still don't understand how to properly chroot a program let alone put limits on it. I really like the way qmail runs. It has a seperate program for each step of mail delivery. The main program, the one running suid doesn't actually do anything other than launch the other daemons and negotiate access to resources they can't access without root privledge. Its one of the reason I feel that if an exploit was ever discovered in qmail it would never amount to anything that could result in a root exploit.

But as I said I haven't limited qmail, from what I've seen of the processes they tend to sit idle unless they are actively processing email and email is processes as soon as it hits the queue.

Hotmail used to run on BSD/qmail.

A DoS waiting to happen... 😉

Anyhow, I just put sendmail back into operation on my home machine because the postfix install was giving me problems and I didnt have time to mess with it.

 

[rahvin]

A DoS waiting to happen...

What would you suggest I do to prevent it? The only thing I could see is repeatedly slamming the smtp or pop ports to DoS.

 

[n0cmonkey]

Originally posted by: rahvin

A DoS waiting to happen...

What would you suggest I do to prevent it? The only thing I could see is repeatedly slamming the smtp or pop ports to DoS.

There was a DoS out a little while ago that banked on the fact most people dont setup quotas and whatnot for qmail servers.

 

[rahvin]

Originally posted by: n0cmonkey

Originally posted by: rahvin

A DoS waiting to happen...

What would you suggest I do to prevent it? The only thing I could see is repeatedly slamming the smtp or pop ports to DoS.

There was a DoS out a little while ago that banked on the fact most people dont setup quotas and whatnot for qmail servers.

Well help me out here don't just patronize me. 😀 The only way I could see to DoS the service would be connection hammering on the SMTP and POP ports. I'm not sure I could see a reason for a space limit because it won't accept mail that isn't deliverable locally. I do see the possibility of DoSing the SMTP and POP processes and could see like a 10% max cpu usage, but I'm not sure. What do you use on sendmail?

 

[n0cmonkey]

Originally posted by: rahvin

Originally posted by: n0cmonkey

Originally posted by: rahvin

A DoS waiting to happen...

What would you suggest I do to prevent it? The only thing I could see is repeatedly slamming the smtp or pop ports to DoS.

There was a DoS out a little while ago that banked on the fact most people dont setup quotas and whatnot for qmail servers.

Well help me out here don't just patronize me. 😀 The only way I could see to DoS the service would be connection hammering on the SMTP and POP ports. I'm not sure I could see a reason for a space limit because it won't accept mail that isn't deliverable locally. I do see the possibility of DoSing the SMTP and POP processes and could see like a 10% max cpu usage, but I'm not sure. What do you use on sendmail?

Im only doing local delivery with sendmail right now because I havent had time to mess with anything else. And I wasnt patronizing you at all, I couldnt figure out limits when I looked for information (didnt have time or patience or the equipment to do proper testing) and I was wondering what you had done. If its working fine, there may not be anything to worry about for you. Never know.

(Sorry if this gets posted twice, my wireless connection sucks right now :/

 

[rahvin]

Well if you do impliment os limits on sendmail let me know what ranges I should use and I'll do it for qmail. I just don't have a feel for how much cpu time or anything I should give it. With the amount of mail I get/send it would be almost nothing.

 

[n0cmonkey]

Originally posted by: rahvin
Well if you do impliment os limits on sendmail let me know what ranges I should use and I'll do it for qmail. I just don't have a feel for how much cpu time or anything I should give it. With the amount of mail I get/send it would be almost nothing.

Thats exactly why I didnt bother... If I do get around to researching it and trying it Ill keep you informed. I wouldnt worry about it too much right now.... A DoS is great compared to a root compromise 😉