Author Topic: qmail send stopped working since installed squid (Read 8269 times)

regenbauma · « **on:** January 14, 2005, 01:45:30 PM »

I built a server rh72, qmail, apache, jetty same config that I have used for years.. sending mail works just fine. I loaded squid to handle some caching issues in attached ste top boxes, and now qmail keesp reporting timeout errors.... Can squid in any way inhibit outbound email ? I have port 25 as a safe port acl ... if it can...can nayone tell me what to do to squid to allow outbound email ?

MUCH thanks :?

Ricky · « **Reply #1 on:** January 15, 2005, 09:38:33 AM »

little unclear here..

do both squid and qmail are installed on same box ?

regenbauma · « **Reply #2 on:** January 15, 2005, 03:05:42 PM »

yes ..they are on the same box

2.4g .... 160G drive 1g ram .... we have approx 300 set top boxes , of which at any time maybe 10 are looking to leave the network and browse the web.squid was installed to deflect all web queries via the server and have some control rather than having stb's access web directly.

i have read of overhea dises relating to squid bu this has not seemed to be an issue ... im not sure if its squid thats hampering qmail-send , but it seems that this may have something to do with it .... even though in squid i have

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 25 # port25
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Exampe rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

the goal is to allow web access, but only via proxy ..all stbs are set to this proxy ..10.4.6.11

qmail runs 100% on indentical installs that dont have squid..... when i engaged russ nelson at qmail.org he checked qmail install (not squid install) and felt that the qmail install was 100% and said that the outbound mail problem was associated with the available outbound bandwidth (this is installed on a ship with a 256K sateliite link) ..... but I have a hunch that maybe squid is playing some role here ... so ANY lessons/feedback are apppreciated

Ricky · « **Reply #3 on:** January 16, 2005, 01:13:42 PM »

Quote

# Exampe rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks

Are you sure your squid is working, here some important things are commented out,

I want to clear one thing :
That if your gateway is squid machine then only it will affect transfer otherwise no!
What i want to say that both the things are installed on same machine so both are able to access net directly , it means squid can't hinder qmail !

Lastly.. give this Squid proxy configuration a look and use the squid.conf given there !

regenbauma · « **Reply #4 on:** January 16, 2005, 02:25:43 PM »

ok ..thats a great piece of criitcal info ...
if my appserver on that box , is injecting mail to qmail on that box, and squid is running on that box, your opinion is that regardless squid wont hinder outbound mail because qmail send is directed at the port direclty , not intercepted by squid.... squid will only manage requests inbound to the server. makes sense, but its great to have another opinion .... thanks

can you explain acls a bit ? I see that there is some hierarchy to the acl from allow all to allow none going top to bottom .. is that correct ? once acl says allow all, and the other sdays allow none ? how does squid evaluate this ?

Great board by the way ..... i love your tuorials.

Ricky · « **Reply #5 on:** January 17, 2005, 10:26:10 AM »

you may see allow all and deny etc..

Well we usually first deny and then give allow acl..
How that work ? it actually deny the requested ones and then allow all the rest !

acls can be grouped ie.. can allow and also deny in one line etc. As you work more with squid , you will understand more !